<html>
<head>
	<title>SQL Relay Configuration Guide</title>
	<link rel="stylesheet" href="../css/styles.css">
</head>
<body>
<h1>SQL Relay Configuration Guide</h1>

<ul>
  <li><a href="#quick">Quick Start</a></li>
  <li><a href="#basic">Basic Configuration</a></li>
  <ul>
    <li><a href="#database">Database Configuration</a></li>
    <ul>
      <li><a href="#db-oracle">Oracle</a></li>
      <li><a href="#db-mssql-odbc">Microsoft SQL Server (via ODBC)</a></li>
      <li><a href="#db-mssql-freetds">Microsoft SQL Server (via FreeTDS)</a></li>
      <li><a href="#db-sap">SAP/Sybase (via the native SAP/Sybase library)</a></li>
      <li><a href="#db-sap-freetds">SAP/Sybase (via FreeTDS)</a></li>
      <li><a href="#db-db2">IBM DB2</a></li>
      <li><a href="#db-informix">Informix</a></li>
      <li><a href="#db-mysql">MySQL/MariaDB</a></li>
      <li><a href="#db-postgresql">PostgreSQL</a></li>
      <li><a href="#db-firebird">Firebird</a></li>
      <li><a href="#db-sqlite">SQLite</a></li>
      <li><a href="#db-odbc-teradata">Teradata (via ODBC)</a></li>
      <li><a href="#db-odbc-exasol">Exasol (via ODBC)</a></li>
      <li><a href="#db-odbc-hive">Apache Hive (via ODBC)</a></li>
      <li><a href="#db-odbc-impala">Apache Impala (via ODBC)</a></li>
      <li><a href="#db-odbc-redshift">Amazon Redshift (via ODBC)</a></li>
      <li><a href="#db-postgresql-redshift">Amazon Redshift (via PostgreSQL)</a></li>
      <li><a href="#db-odbc-athena">Amazon Athena (via ODBC)</a></li>
      <li><a href="#db-odbc">Generic ODBC</a></li>
    </ul>

    <li><a href="#dbconnections">Database Connections</a></li>
    <ul>
      <li><a href="#dbconnections-performance">For Performance</a></li>
      <li><a href="#dbconnections-throttling">For Throttling</a></li>
    </ul>

    <li><a href="#dbcursors">Database Cursors</a></li>
    <li><a href="#dynamicscaling">Dynamic Scaling</a></li>
    <li><a href="#listener">Listener Configuration</a></li>
    <li><a href="#instances">Multiple Instances</a></li>
    <li><a href="#autostart">Starting Instances Automatically</a></li>
  </ul>

  <li><a href="#protocoloptions">Client Protocol Options</a></li>
  <ul>
    <li><a href="#sqlrclientprotocol">SQLRClient Protocol</a></li>
    <ul>
      <li><a href="#sqlrclientconfiguration">Basic Configuration</a></li>
      <li><a href="#sqlrclientlistener">Listener Options</a></li>
      <li><a href="#sqlrclientauth">Authentication/Encryption Options</a></li>
      <ul>
        <li><a href="#sqlrclientconnectstringsauth">Connect Strings Auth</a></li>
        <li><a href="#sqlrclientuserlistauth">User List Auth</a></li>
        <li><a href="#sqlrclientdbauth">Database Auth</a></li>
        <li><a href="#sqlrclientproxiedauth">Proxied Auth</a></li>
        <li><a href="#sqlrclientkrb">Kerberos and Active Directory Encryption and Authentication</a></li>
        <li><a href="#sqlrclienttls">TLS/SSL Encryption and Authentication</a></li>
      </ul>

      <li><a href="#sqlrclientlimitations">Limitations</a></li>
    </ul>

    <li><a href="#mysqlprotocol">MySQL Protocol</a></li>
    <ul>
      <li><a href="#mysqlconfiguration">Basic Configuration</a></li>
      <li><a href="#mysqllistener">Listener Options</a></li>
      <li><a href="#mysqlauth">Authentication/Encryption Options</a></li>
      <ul>
        <li><a href="#mysqlconnectstringsauth">Connect Strings Auth</a></li>
        <li><a href="#mysqluserlistauth">User List Auth</a></li>
        <li><a href="#mysqldbauth">Database Auth</a></li>
        <li><a href="#mysqltls">TLS/SSL Encryption and Authentication</a></li>
      </ul>

      <li><a href="#mysqlforeignbackend">Foreign Backend</a></li>
      <li><a href="#mysqlspecialpurpose">Special-Purpose Options</a></li>
      <li><a href="#mysqllimitations">Limitations</a></li>
    </ul>

    <li><a href="#postgresqlprotocol">PostgreSQL Protocol</a></li>
    <ul>
      <li><a href="#postgresqlconfiguration">Basic Configuration</a></li>
      <li><a href="#postgresqllistener">Listener Options</a></li>
      <li><a href="#postgresqlauth">Authentication/Encryption Options</a></li>
      <ul>
        <li><a href="#postgresqlconnectstringsauth">Connect Strings Auth</a></li>
        <li><a href="#postgresqluserlistauth">User List Auth</a></li>
        <li><a href="#postgresqltls">TLS/SSL Encryption and Authentication</a></li>
      </ul>

      <li><a href="#postgresqlforeignbackend">Foreign Backend</a></li>
      <li><a href="#postgresqllimitations">Limitations</a></li>
    </ul>

    <li><a href="#multipleprotocols">Multiple Protocols</a></li>
    <ul>
      <li><a href="#multiprotocolconfiguration">Basic Configuration</a></li>
      <li><a href="#multiprotocollistener">Listener Options</a></li>
      <li><a href="#multiprotocolauth">Authentication/Encryption Options</a></li>
    </ul>

  </ul>

  <li><a href="#ha">High Availability</a></li>
  <ul>
    <li><a href="#cluster">Load-Balancing and Fail-Over With Replicated Databases or Database Clusters</a></li>
    <li><a href="#rac">Already-Load-Balanced Databases</a></li>
    <li><a href="#masterslave">Master-Slave Query Routing</a></li>
    <li><a href="#frontendlb">Front-End Load-Balancing and Fail-Over</a></li>
  </ul>

  <li><a href="#security">Security Features</a></li>
  <ul>
    <li><a href="#frontendencryption">Front-End Encryption and Secure Authentication</a></li>
    <li><a href="#backendencryption">Back-End Encryption and Secure Authentication</a></li>
    <ul>
      <li><a href="#backendenc-oracle">Oracle</a></li>
      <li><a href="#backendenc-mssql-freetds">Microsoft SQL Server (via FreeTDS)</a></li>
      <li><a href="#backendenc-mysql">MySQL/MariaDB</a></li>
      <li><a href="#backendenc-postgresql">PostgreSQL</a></li>
    </ul>

    <li><a href="#runas">Run-As User and Group</a></li>
    <li><a href="#deniedallowedips">Denied/Allowed IP Addresses</a></li>
    <li><a href="#pwdenc">Password Encryption</a></li>
    <ul>
      <li><a href="#rot">rot</a></li>
      <li><a href="#md5">md5</a></li>
      <li><a href="#sha1">sha1</a></li>
      <li><a href="#sha256">sha256</a></li>
      <li><a href="#des">des</a></li>
      <li><a href="#aes128">aes128</a></li>
    </ul>

    <li><a href="#schedules">Connection Schedules</a></li>
    <ul>
      <li><a href="#cron_userlist">cron_userlist</a></li>
    </ul>

    <li><a href="#filtering">Query Filtering</a></li>
    <ul>
      <li><a href="#filter-patterns">patterns</a></li>
      <li><a href="#filter-regex">regex</a></li>
      <li><a href="#filter-string">string</a></li>
      <li><a href="#filter-tag">tag</a></li>
    </ul>

  </ul>

  <li><a href="#translation">Data Translation</a></li>
  <ul>
    <li><a href="#queryparsing">Query Parsing</a></li>
    <li><a href="#querytranslation">Query Translation</a></li>
    <ul>
      <li><a href="#normalize">normalize</a></li>
      <li><a href="#patterns">patterns</a></li>
    </ul>

    <li><a href="#bindvariabletranslation">Bind Variable Translation</a></li>
    <li><a href="#resultsetheaderranslation">Result Set Header Translation</a></li>
    <li><a href="#resultsettranslation">Result Set Translation</a></li>
    <ul>
      <li><a href="#reformatdatetime">reformatdatetime</a></li>
    </ul>

    <li><a href="#resultsetrowtranslation">Result Set Row Translation</a></li>
    <li><a href="#resultsetrowtranslation">Result Set Row Block Translation</a></li>
    <li><a href="#moduledata">Module Data</a></li>
  </ul>

  <li><a href="#directives">Query Directives</a></li>
  <ul>
    <li><a href="#custom_wf">custom_wf</a></li>
    <li><a href="#singlestep">singlestep</a></li>
  </ul>

  <li><a href="#queryrouting">Query Routing</a></li>
  <ul>
    <li><a href="#regex">regex</a></li>
    <li><a href="#userlist">userlist</a></li>
    <li><a href="#clientiplist">clientiplist</a></li>
    <li><a href="#clientinfolist">clientinfolist</a></li>
    <li><a href="#usedatabase">usedatabase</a></li>
    <li><a href="#routingquirks">Quirks and Limitations</a></li>
  </ul>

  <li><a href="#queries">Custom Queries</a></li>
  <ul>
    <li><a href="#sqlrcmdcstat">sqlrcmdcstat</a></li>
    <li><a href="#sqlrcmdgstat">sqlrcmdgstat</a></li>
  </ul>

  <li><a href="#triggers">Triggers</a></li>
  <ul>
    <li><a href="#replay">replay</a></li>
  </ul>

  <li><a href="#logging">Logging</a></li>
  <ul>
    <li><a href="#debug">debug</a></li>
    <li><a href="#slowqueries">slowqueries</a></li>
    <li><a href="#stalecursors">stalecursors</a></li>
  </ul>

  <li><a href="#notifications">Notifications</a></li>
  <ul>
    <li><a href="#events">events</a></li>
  </ul>

  <li><a href="#sessionqueries">Session-Queries</a></li>
  <li><a href="#altconfigfile">Alternative Configuration File Options</a></li>
  <ul>
    <li><a href="#directory">Configuration Directory</a></li>
    <li><a href="#specifying">Specifying Configuration Files</a></li>
    <li><a href="#remote">Remote Configuration Files</a></li>
    <li><a href="#linkfiles">Link Files</a></li>
  </ul>

  <li><a href="#advanced">Advanced Configuration</a></li>
</ul>

<hr/>

<br/><a name="quick"/><h1>Quick Start</h1>

<p>When SQL Relay is first installed, no configuration file exists.  You must create one in the appropriate location.  This location depends on the platform and on how you installed SQL Relay.</p>

<ul>
  <li>Unix and Linux</li>
  <ul>
    <li>Built from source - <b>/usr/local/firstworks/etc/sqlrelay.conf</b> (unless you specified a non-standard --prefix or --sysconfdir during the build)</li>
    <li>RPM package - <b>/etc/sqlrelay.conf</b></li>
    <li>FreeBSD package - <b>/usr/local/etc/sqlrelay.conf</b></li>
    <li>NetBSD package - <b>/usr/pkg/etc/sqlrelay.conf</b></li>
    <li>OpenBSD package - <b>/usr/local/etc/sqlrelay.conf</b></li>
  </ul>

  <li>Windows</li>
  <ul>
    <li>Built from source - <b>C:\Program Files\Firstworks\etc\sqlrelay.conf</b></li>
    <li>Windows Installer package - <b>C:\Program Files\Firstworks\etc\sqlrelay.conf</b> (unless you specified a non-standard installation folder)</li>
  </ul>

</ul>

<p>The most minimal sqlrelay.conf would be something like:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>This configuration defines an instance of SQL Relay named <i>example</i>, secured by a user and password, that opens and maintains a pool of 5 persistent connections to the <i>orcl</i> instance of an Oracle database using <i>scott</i><i>/tiger</i> credentials.</p>

<p>The instance can be started using:</p>

<blockquote>
  <pre>sqlr-start -id example
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>It can be accessed locally using:</p>

<blockquote>
  <pre>sqlrsh -host localhost -user scott -password tiger
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> By default, the user and password used to access SQL Relay are the same as the user and password that SQL Relay is configured to use to access the database.  That is, they are the values of the user and password parameters of the string attribute of the connection tag. )
</blockquote>
<p>By default, SQL Relay listens on all available network interfaces, and can be accessed remotely by hostname.  For example, if the server running SQL Relay is named <i>sqlrserver</i> then it can be accessed from another system using:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -user scott -password tiger
</pre>

</blockquote>
<p>The instance can be stopped using:</p>

<blockquote>
  <pre>sqlr-stop -id example
</pre>

</blockquote>
<p>All running instances of SQL Relay can be stopped using:</p>

<blockquote>
  <pre>sqlr-stop
</pre>

</blockquote>
<p>(without the -id argument)</p>

<hr/>

<br/><a name="basic"/><h1>Basic Configuration</h1>

<p>The example above may be sufficient for many use cases, but SQL Relay has many options and for a production deployment, odds are good that you'll want to configure it further.</p>

<br/><a name="database"/><h2>Database Configuration</h2>

<p>By default, SQL Relay assumes that it's connecting to an Oracle database, but many other databases are supported.  The dbase attribute of the instance tag specifies the database type and the connect string options (options in the string attribute of the connection tag) specify the parameters used to connect to the database.  The connect string options are different for each database.</p>

<p>Examples follow.</p>

<br/><a name="db-oracle"/><h3>Oracle</h3>

<p>In this example, SQL Relay is configured to connect to an Oracle database.  The dbase attribute defaults to "oracle", so the dbase attribute may be omitted when connecting to an Oracle database.  It is just set here for illustrative purposes.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_home=/u01/app/oracle/product/12.1.0;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The oracle_home option refers to the base directory of an Oracle instance.  On Windows platforms, it should be specified as a Windows-style path with doubled backslashes.  For example:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>C<font color="#990000">:\\</font>Oracle<font color="#990000">\\</font>ora12<font color="#990000">.</font><font color="#993399">1</font></tt></pre>

</blockquote>
<p>The oracle_home option is often unnecessary though, as the $ORACLE_HOME environment variable is usually set system-wide.</p>

<p>The oracle_sid option refers to an entry in the tnsnames.ora file (usually $ORACLE_HOME/network/admin/tnsnames.ora) similar to:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>ORCL <font color="#990000">=</font>
  <font color="#990000">(</font>DESCRIPTION <font color="#990000">=</font>
    <font color="#990000">(</font>ADDRESS <font color="#990000">=</font> <font color="#990000">(</font>PROTOCOL <font color="#990000">=</font> TCP<font color="#990000">)(</font>HOST <font color="#990000">=</font> examplehost<font color="#990000">)(</font>PORT <font color="#990000">=</font> <font color="#993399">1521</font><font color="#990000">))</font>
    <font color="#990000">(</font>CONNECT_DATA <font color="#990000">=</font>
      <font color="#990000">(</font>SERVER <font color="#990000">=</font> DEDICATED<font color="#990000">)</font>
      <font color="#990000">(</font>SERVICE_NAME <font color="#990000">=</font> orcl<font color="#990000">)</font>
    <font color="#990000">)</font>
  <font color="#990000">)</font></tt></pre>

</blockquote>
<p>(Note that the tnsnames.ora file must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>If you are using Oracle Instant Client, then it's likely that you don't have an $ORACLE_HOME or a tnsnames.ora file.  In that case, the oracle_sid can be set directly to a tnsnames-style expression and the oracle_home option can be omitted.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=(DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = examplehost)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)))"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>See the <a href="configreference.html#oracle">SQL Relay Configuration Reference</a> for other valid Oracle connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-oracle.html">Getting Started With Oracle</a> for general assistance installing and configuring an Oracle database.</p>

<br/><a name="db-mssql-odbc"/><h3>Microsoft SQL Server (via ODBC)</h3>

<p>On Windows platforms, ODBC can be used to access a Microsoft SQL Server database.  There is also a <a target="_blank" href="https://msdn.microsoft.com/en-us/library/hh568451(v=sql.110).aspx">Microsoft-provided ODBC driver</a> for some versions of Linux.</p>

<p>In this example, SQL Relay is configured to connect to a Microsoft SQL Server database via ODBC.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"odbc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"dsn=odbcdsn;user=odbcuser;password=odbcpassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The dsn option in the string attribute of the connection tag refers to an ODBC DSN (Data Source Name).</p>

<p>On Windows platforms, the DSN is an entry in the Windows Registry, created by the ODBC Data Source Administrator (look for "Set up ODBC data sources" in the Control Panel or just run odbcad32.exe).</p>

<p>On Linux and Unix platforms, the DSN is an entry in the odbc.ini file (usually /etc/odbc.ini).</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>exampledsn<font color="#990000">]</font>
Description<font color="#990000">=</font>SQL Server
Driver<font color="#990000">=</font>ODBC Driver <font color="#993399">11</font> <b><font color="#0000FF">for</font></b> SQL Server
Server<font color="#990000">=</font>examplehost
Port<font color="#990000">=</font><font color="#993399">1433</font>
Database<font color="#990000">=</font></tt></pre>

</blockquote>
<p>The Driver parameter refers to an entry in the odbcinst.ini file (usually /etc/odbcinst.ini) which identifies driver files:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>ODBC Driver <font color="#993399">11</font> <b><font color="#0000FF">for</font></b> <font color="#008080">SQL</font> Server<font color="#990000">]</font> 
Description<font color="#990000">=</font>Microsoft ODBC Driver <font color="#993399">11</font> <b><font color="#0000FF">for</font></b> SQL Server
Driver<font color="#990000">=/</font>opt<font color="#990000">/</font>microsoft<font color="#990000">/</font>msodbcsql<font color="#990000">/</font>lib64<font color="#990000">/</font>libmsodbcsql<font color="#990000">-</font><font color="#993399">11.0</font><font color="#990000">.</font>so<font color="#990000">.</font><font color="#993399">2270.0</font> 
Threading<font color="#990000">=</font><font color="#993399">1</font> 
UsageCount<font color="#990000">=</font><font color="#993399">1</font> </tt></pre>

</blockquote>
<p>(Note that the odbc.ini and odbcinst.ini files must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid ODBC connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-odbc-on-non-ms.html">Getting Started With ODBC (on a non-MS platform)</a> for general assistance installing and configuring ODBC on a non-MS platform.</p>

<br/><a name="db-mssql-freetds"/><h3>Microsoft SQL Server (via FreeTDS)</h3>

<p>On Windows platforms, ODBC can be used to access a Microsoft SQL Server database.  There is also a <a target="_blank" href="https://msdn.microsoft.com/en-us/library/hh568451(v=sql.110).aspx">Microsoft-provided ODBC driver</a> for some versions of Linux.</p>

<p>However, on Linux and Unix platforms, access to Microsoft SQL Server databases is also available via <a target="_blank" href="http://www.freetds.org">FreeTDS</a>.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"freetds"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"server=FREETDSSERVER;user=freetdsuser;password=freetdspassword;db=freetdsdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The server option refers to an entry in the freetds.conf file (usually /etc/freetds.conf or /usr/local/etc/freetds.conf) which identifies the database server, similar to:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>FREETDSSERVER<font color="#990000">]</font>
	host <font color="#990000">=</font> examplehost
	port <font color="#990000">=</font> <font color="#993399">1433</font>
	<font color="#008080">tds</font> version <font color="#990000">=</font> <font color="#993399">7.0</font>
	<font color="#008080">client</font> charset <font color="#990000">=</font> UTF<font color="#990000">-</font><font color="#993399">8</font></tt></pre>

</blockquote>
<p>(Note that the freetds.conf file must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#freetds">SQL Relay Configuration Reference</a> for other valid FreeTDS connect string options.</p>

<br/><a name="db-sap"/><h3>SAP/Sybase (via the native SAP/Sybase library)</h3>

<p>In this example, SQL Relay is configured to connect to a SAP/Sybase database via the native SAP/Sybase library.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"sybase=/opt/sap;lang=en_US;server=SAPSERVER;user=sapuser;password=sappassword;db=sapdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The sybase option refers to the base directory of the SAP/Sybase software installation.  On Windows platforms, it should be specified as a Windows-style path with doubled backslashes.  For example:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>C<font color="#990000">:\\</font>SAP</tt></pre>

</blockquote>
<p>The sybase option is often unnecessary though, as the $SYBASE environment variable is usually set system-wide.</p>

<p>On Linux/Unix platforms, the server option refers to an entry in the interfaces (usually $SYBASE/interfaces) file which identifies the database server, similar to:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>SAPSERVER
	master tcp ether examplehost <font color="#993399">5000</font>
	query tcp ether examplehost <font color="#993399">5000</font></tt></pre>

</blockquote>
<p>(Note that the interfaces file must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>On Windows platforms, the server option refers to a similar entry created in an opaque location with the Open Client Directory Services Editor (dsedit).</p>

<p>The lang option sets the language to a value that is known to be supported by Sybase.  This may not be necessary on all platforms.  See <a href="../faq.html#sqlserver">the FAQ</a> for more info.</p>

<p>See the <a href="configreference.html#sap">SQL Relay Configuration Reference</a> for other valid SAP/Sybase connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-sapsybase.html">Getting Started With SAP/Sybase</a> for general assistance installing and configuring an SAP/Sybase database.</p>

<br/><a name="db-sap-freetds"/><h3>SAP/Sybase (via FreeTDS)</h3>

<p>The native SAP/Sybase library is available on Windows and on some Linux/Unix platforms.</p>

<p>However, on Linux and Unix platforms, access to SAP/Sybase databases is also available via <a target="_blank" href="http://www.freetds.org">FreeTDS</a>.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"freetds"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"server=FREETDSSERVER;user=freetdsuser;password=freetdspassword;db=freetdsdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The server option refers to an entry in the freetds.conf file (usually /etc/freetds.conf or /usr/local/etc/freetds.conf) which identifies the database server, similar to:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>FREETDSSERVER<font color="#990000">]</font>
	host <font color="#990000">=</font> examplehost
	port <font color="#990000">=</font> <font color="#993399">5000</font>
	<font color="#008080">tds</font> version <font color="#990000">=</font> <font color="#993399">5.0</font></tt></pre>

</blockquote>
<p>(Note that the freetds.conf file must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#freetds">SQL Relay Configuration Reference</a> for other valid FreeTDS connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-sapsybase.html">Getting Started With SAP/Sybase</a> for general assistance installing and configuring an SAP/Sybase database.</p>

<br/><a name="db-db2"/><h3>IBM DB2</h3>

<p>In this example, SQL Relay is configured to connect to an IBM DB2 database.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"db2"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"db=exampledb;user=db2inst1;password=db2inst1pass;connecttimeout=0"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The db option refers to an entry in the local DB2 instance's database catalog.  See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-ibm-db2.html#accessingremote">Getting Started With IBM DB2 - Accessing Remote Instances</a> for more information.</p>

<p>The connecttimeout=0 option tells SQL Relay not to time out when connecting to the database.  DB2 instances can take a long time to log in to sometimes.  The default timeout is often too short.</p>

<p>See the <a href="configreference.html#db2">SQL Relay Configuration Reference</a> for other valid IBM DB2 connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-ibm-db2.html">Getting Started With IBM DB2</a> for general assistance installing and configuring an IBM DB2 database.</p>

<br/><a name="db-informix"/><h3>Informix</h3>

<p>In this example, SQL Relay is configured to connect to an Informix database.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"informix"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"informixdir=/opt/informix;servername=ol_informix1210;db=informixdb;user=informixuser;password=informixpassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The informixdir option refers to the base directory of the Informix software installation.  On Windows platforms, it should be specified as a Windows-style pathwith doubled backslashes.  For example:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>C<font color="#990000">:\\</font><font color="#008080">Program</font> Files<font color="#990000">\\</font>IBM Informix Software Bundle</tt></pre>

</blockquote>
<p>The informixdir option is often unnecessary, as the $INFORMIXDIR environment variable is usually set system-wide.</p>

<p>On Linux and Unix platforms, the servername option refers to an entry in the sqlhosts file (usually $INFORMIXDIR/etc/sqlhosts) which identifies the database server, similar to:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>ol_informix1210 onsoctcp <font color="#993399">192.168</font><font color="#990000">.</font><font color="#993399">123.59</font> ol_informix1210</tt></pre>

</blockquote>
<p>The second ol_informix1210 in the sqlhosts file refers to an entry in /etc/services which identifies the port that the server is listening on, similar to:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>ol_informix1210 <font color="#993399">29756</font><font color="#990000">/</font>tcp</tt></pre>

</blockquote>
<p>(Note that the sqlhosts and /etc/services files must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>On Windows platforms, the servername option refers to a similar entry created in an opaque location with the Setnet32 program.</p>

<p>See the <a href="configreference.html#informix">SQL Relay Configuration Reference</a> for other valid Informix connect string options.</p>

<br/><a name="db-mysql"/><h3>MySQL/MariaDB</h3>

<p>In this example, SQL Relay is configured to connect to a MySQL/MariaDB database.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The host and db options indicate that SQL Relay should connect to the database exampledb on the host examplehost.</p>

<p>See the <a href="configreference.html#mysql">SQL Relay Configuration Reference</a> for other valid MySQL/MariaDB connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-mysql.html">Getting Started With MySQL</a> for general assistance installing and configuring a MySQL/MariaDB database.</p>

<br/><a name="db-postgresql"/><h3>PostgreSQL</h3>

<p>In this example, SQL Relay is configured to connect to a PostgreSQL database.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;host=postgresqlhost;db=postgresqldb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The host and db options indicate that SQL Relay should connect to the database exampledb on the host examplehost.</p>

<p>See the <a href="configreference.html#postgresql">SQL Relay Configuration Reference</a> for other valid PostgreSQL connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-postgresql.html">Getting Started With PostgreSQL</a> for general assistance installing and configuring a PostgreSQL database.</p>

<br/><a name="db-firebird"/><h3>Firebird</h3>

<p>In this example, SQL Relay is configured to connect to a Firebird database.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"firebird"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=firebirduser;password=firebirdpassword;db=firebirdhost:/opt/firebird/firebirddb.gdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The db option indicates that SQL Relay should connect to the database located at /opt/firebird/exampledb.gdb on the host examplehost.</p>

<p>Note that if the database is located on a Windows host, then the path segment of the db option should be specified as a Windows-style path with doubled backslashes.  For example:
<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>examplehost<font color="#990000">:</font>C<font color="#990000">:\\</font><font color="#008080">Program</font> Files<font color="#990000">\\</font>Firebird<font color="#990000">\\</font>Firebird_3_0<font color="#990000">\\</font>exampledb<font color="#990000">.</font>gdb</tt></pre>

</blockquote>
</p>

<p>See the <a href="configreference.html#firebird">SQL Relay Configuration Reference</a> for other valid Firebird connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-firebird.html">Getting Started With Firebird</a> for general assistance installing and configuring a Firebird database.</p>

<br/><a name="db-sqlite"/><h3>SQLite</h3>

<p>In this example, SQL Relay is configured to connect to a SQLite database.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sqlite"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"db=/var/sqlite/sqlitedb;user=sqliteuser;password=sqlitepassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The db option indicates that SQL Relay should connect to the database /var/sqlite/exampledb.</p>

<p>Note that the database file (exampledb in this case) and the directory that its located in (/var/sqlite in this case) must both be readable and writable by the user that the instance of SQL Relay runs as.</p>

<p>Also note the user and password parameters in the connection string.  SQLite doesn't require these for SQL Relay to access the database, but they are included to define a user and password for accessing SQL Relay itself.</p>

<p>SQLite also supports a high-performance in-memory mode where tables are maintained in memory and nothing is written to permanent storage.  To use this mode with SQL Relay, set the db option to :memory:.</p>

<p>As each running instance of sqlr-connection will have its own separate in-memory database, you almost certainly want to limit the number of connections to 1.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sqlite"</font> <font color="#009900">connections</font><font color="#990000">=</font><font color="#FF0000">"1"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"db=:memory:;user=sqliteuser;password=sqlitepassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Note that the entire in-memory database will be lost when SQL Relay is stopped.  There is no way to preserve it.  Such is the nature of pure in-memory databases.</p>

<p>See the <a href="configreference.html#sqlite">SQL Relay Configuration Reference</a> for other valid SQLite connect string options.</p>

<p>See <a target="_blank" href="http://software.firstworks.com/p/getting-started-with-sqlite.html">Getting Started With SQLite</a> for general assistance installing and configuring a SQLite database.</p>

<br/><a name="db-odbc-teradata"/><h3>Teradata (via ODBC)</h3>

<p>Teradata ODBC drivers are available for many platforms, including Windows and Linux.</p>

<p>In this example, SQL Relay is configured to connect to a Teradata database via ODBC.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"odbc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"dsn=teradata;user=teradatauser;password=teradatapassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The dsn option in the string attribute of the connection tag refers to an ODBC DSN (Data Source Name).</p>

<p>On Windows platforms, the DSN is an entry in the Windows Registry, created by the ODBC Data Source Administrator (look for "Set up ODBC data sources" in the Control Panel or just run odbcad32.exe).</p>

<p>On Linux and Unix platforms, the DSN is an entry in the odbc.ini file (usually /etc/odbc.ini).</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>teradata<font color="#990000">]</font>
Description<font color="#990000">=</font>Teradata Database ODBC Driver <font color="#993399">16.20</font>
Driver<font color="#990000">=/</font>opt<font color="#990000">/</font>teradata<font color="#990000">/</font>client<font color="#990000">/</font><font color="#993399">16.20</font><font color="#990000">/</font>lib64<font color="#990000">/</font>tdataodbc_sb64<font color="#990000">.</font>so
DBCName<font color="#990000">=</font>teradatahost
UID<font color="#990000">=</font>testuser
PWD<font color="#990000">=</font>testpassword
AccountString<font color="#990000">=</font>
CharacterSet<font color="#990000">=</font>ASCII
DatasourceDNSEntries<font color="#990000">=</font>
DateTimeFormat<font color="#990000">=</font>IAA
DefaultDatabase<font color="#990000">=</font>
DontUseHelpDatabase<font color="#990000">=</font><font color="#993399">0</font>
DontUseTitles<font color="#990000">=</font><font color="#993399">1</font>
EnableExtendedStmtInfo<font color="#990000">=</font><font color="#993399">1</font>
EnableReadAhead<font color="#990000">=</font><font color="#993399">1</font>
IgnoreODBCSearchPattern<font color="#990000">=</font><font color="#993399">0</font>
LogErrorEvents<font color="#990000">=</font><font color="#993399">0</font>
LoginTimeout<font color="#990000">=</font><font color="#993399">20</font>
MaxRespSize<font color="#990000">=</font><font color="#993399">65536</font>
MaxSingleLOBBytes<font color="#990000">=</font><font color="#993399">0</font>
MaxTotalLOBBytesPerRow<font color="#990000">=</font><font color="#993399">0</font>
MechanismName<font color="#990000">=</font>
NoScan<font color="#990000">=</font><font color="#993399">0</font>
PrintOption<font color="#990000">=</font>N
retryOnEINTR<font color="#990000">=</font><font color="#993399">1</font>
ReturnGeneratedKeys<font color="#990000">=</font>N
SessionMode<font color="#990000">=</font>System Default
SplOption<font color="#990000">=</font>Y
TABLEQUALIFIER<font color="#990000">=</font><font color="#993399">0</font>
TCPNoDelay<font color="#990000">=</font><font color="#993399">1</font>
TdmstPortNumber<font color="#990000">=</font><font color="#993399">1025</font>
UPTMode<font color="#990000">=</font>Not set
USE2XAPPCUSTOMCATALOGMODE<font color="#990000">=</font><font color="#993399">0</font>
UseDataEncryption<font color="#990000">=</font><font color="#993399">0</font>
UseDateDataForTimeStampParams<font color="#990000">=</font><font color="#993399">0</font></tt></pre>

</blockquote>
<p>(Note that the odbc.ini file must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid ODBC connect string options.</p>

<br/><a name="db-odbc-exasol"/><h3>Exasol (via ODBC)</h3>

<p>Exasol ODBC drivers are available for Windows and Linux.</p>

<p>In this example, SQL Relay is configured to connect to an Exasol database via ODBC.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"odbc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"dsn=exasolution-uo2214lv2_64;user=sys;password=exasol"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The dsn option in the string attribute of the connection tag refers to an ODBC DSN (Data Source Name).</p>

<p>On Windows platforms, the DSN is an entry in the Windows Registry, created by the ODBC Data Source Administrator (look for "Set up ODBC data sources" in the Control Panel or just run odbcad32.exe).</p>

<p>On Linux and Unix platforms, the DSN is an entry in the odbc.ini file (usually /etc/odbc.ini).</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>exasolution<font color="#990000">-</font>uo2214lv2_64<font color="#990000">]</font>
DRIVER<font color="#990000">=/</font>home<font color="#990000">/</font>dmuse<font color="#990000">/</font>software<font color="#990000">/</font>EXASOL_ODBC<font color="#990000">-</font><font color="#993399">6.0</font><font color="#990000">.</font><font color="#993399">11</font><font color="#990000">/</font>lib<font color="#990000">/</font>linux<font color="#990000">/</font>x86_64<font color="#990000">/</font>libexaodbc<font color="#990000">-</font>uo2214lv2<font color="#990000">.</font>so
EXAHOST<font color="#990000">=</font><font color="#993399">192.168</font><font color="#990000">.</font><font color="#993399">123.12</font><font color="#990000">:</font><font color="#993399">8563</font>
EXAUID<font color="#990000">=</font>sys
EXAPWD<font color="#990000">=</font>exasol</tt></pre>

</blockquote>
<p>(Note that the odbc.ini file must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid ODBC connect string options.</p>

<br/><a name="db-odbc-hive"/><h3>Apache Hive (via ODBC)</h3>

<p>Apache Hive is a data warehouse built on top of Apache Hadoop.  Cloudera provides a Hive ODBC driver for Windows and Linux platforms which implements a SQL interface to Hive.  This driver has some quirks.</p>

<p>The most significant quirk is that version 2.6.4.1004 (and probably other versions) for Linux ship with their own copy of libssl/libcrypto, version 1.1.  These tend to conflict with the versions of libssl/libcrypto that SQL Relay itself is linked against, causing the driver to malfunction.  The only known solution is to build a copy of Rudiments and SQL Relay from source, configuring rudiments with the --disable-ssl --disable-gss --disable-libcurl options, and use this copy to access Hive.  Unfortunately, this has a side effect of disabling all SSL/TLS and Kerberos support in SQL Relay, as well as disabling the ability to load config files over https and ssh.  Perhaps a future version of the Cloudera Hive ODBC driver for Linux will link against the system versions of libssl/libcrypto and eliminate this quirk.</p>

<p>In this example, SQL Relay is configured to connect to a Apache Hive data warehouse via ODBC.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"odbc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;session&gt;</font></b>
			<b><font color="#0000FF">&lt;start&gt;</font></b>
				<b><font color="#0000FF">&lt;runquery&gt;</font></b>
				use hivedb
				<b><font color="#0000FF">&lt;/runquery&gt;</font></b>
				<b><font color="#0000FF">&lt;runquery&gt;</font></b>
				select 1
				<b><font color="#0000FF">&lt;/runquery&gt;</font></b>
			<b><font color="#0000FF">&lt;/start&gt;</font></b>
		<b><font color="#0000FF">&lt;/session&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"dsn=hive;user=hiveuser;password=hivepassword;db=hivedb;overrideschema=hivedb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The contents of the session tag work around another quirk.  "hivedb" is specified in the db option of the string attribute of the connection tag, but this doesn't appear to be adequate to actually put you in that schema.  Running the "use hivedb" query at the beginning of the session helps.  But, it appears that the schema isn't actually selected until the first query is run.  So, the "select 1" query immediately following the use query solves this.</p>

<p>The overrideschema option in the string attribute of the connection tag works around yet another quirk.  The database tends to report the current schema as something other than "hivedb", but when running "show tables" or "describe" queries, the database wants "hivedb" to be passed in as the schema for the table names.</p>

<p>The dsn option in the string attribute of the connection tag refers to an ODBC DSN (Data Source Name).</p>

<p>On Windows platforms, the DSN is an entry in the Windows Registry, created by the ODBC Data Source Administrator (look for "Set up ODBC data sources" in the Control Panel or just run odbcad32.exe).</p>

<p>On Linux and Unix platforms, the DSN is an entry in the odbc.ini file (usually /etc/odbc.ini).</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>hive<font color="#990000">]</font>
Driver<font color="#990000">=/</font>opt<font color="#990000">/</font>cloudera<font color="#990000">/</font>hiveodbc<font color="#990000">/</font>lib<font color="#990000">/</font><font color="#993399">64</font><font color="#990000">/</font>libclouderahiveodbc64<font color="#990000">.</font>so
HiveServerType<font color="#990000">=</font><font color="#993399">2</font>
Host<font color="#990000">=</font>hiveserver
Port<font color="#990000">=</font><font color="#993399">10000</font></tt></pre>

</blockquote>
<p>(Note that the odbc.ini file must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid ODBC connect string options.</p>

<br/><a name="db-odbc-impala"/><h3>Apache Impala (via ODBC)</h3>

<p>Apache Impala is a query engine for Apache Hadoop.  Cloudera provides an Impala ODBC driver for Windows and Linux platforms.  This driver has some quirks.</p>

<p>The most significant quirk is that version 2.5.20 (and probably other versions) for Linux ship linked against libsasl2.so.2.  This library can be found on RedHat Enterprise 6 (or CentOS 6) but modern Linux systems have moved on to newer versions.  To use the driver, it is necessary to get a copy of libsasl2.so.2.0.23 (or a similar version) from an old enough system, install it in an appropriate lib directory, and create libsasl2.so.2 as a symlink to it in that same directory.</p>

<p>In this example, SQL Relay is configured to connect to a Impala database via ODBC.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"odbc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;session&gt;</font></b>
			<b><font color="#0000FF">&lt;start&gt;</font></b>
				<b><font color="#0000FF">&lt;runquery&gt;</font></b>
				use default
				<b><font color="#0000FF">&lt;/runquery&gt;</font></b>
				<b><font color="#0000FF">&lt;runquery&gt;</font></b>
				select 1
				<b><font color="#0000FF">&lt;/runquery&gt;</font></b>
			<b><font color="#0000FF">&lt;/start&gt;</font></b>
		<b><font color="#0000FF">&lt;/session&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"dsn=impala;overrideschema=%;unicode=no"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The contents of the session tag work around a quirk.  Normally the schema would be selected by setting the db option of the string attribute of the connection tag, but this doesn't work at all.  Running the "use default" query at the beginning of the session helps.  But, it appears that the schema isn't actually selected until the first query is run.  So, the "select 1" query immediately following the use query solves this.</p>

<p>The overrideschema option in the string attribute of the connection tag works around yet another quirk.  When running "show tables" or "describe" queries, the database needs "%" (the SQL wildcard) to be passed in as the schema for the table names.</p>

<p>The driver also doesn't support unicode, so the unicode=no option in the string attribute of the connection tag tells SQL Relay not to try.</p>

<p>Note that there are no user/password options in the string attribute of the connection tag.  Impala supports several different authentication mechanisms, but by default, it allows unauthenticated access to the database (AuthMech=0).  This can be configured in the DSN though, and if a user/password authentication mechansim is selected, then the standard user/password options can be included.</p>

<p>The dsn option in the string attribute of the connection tag refers to an ODBC DSN (Data Source Name).</p>

<p>On Windows platforms, the DSN is an entry in the Windows Registry, created by the ODBC Data Source Administrator (look for "Set up ODBC data sources" in the Control Panel or just run odbcad32.exe).</p>

<p>On Linux and Unix platforms, the DSN is an entry in the odbc.ini file (usually /etc/odbc.ini).</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>impala<font color="#990000">]</font>
Description<font color="#990000">=</font>Cloudera ODBC Driver <font color="#008080">for</font> <b><font color="#000000">Impala</font></b> <font color="#990000">(</font><font color="#993399">64</font><font color="#990000">-</font>bit<font color="#990000">)</font> DSN
Driver<font color="#990000">=</font>Cloudera ODBC Driver <b><font color="#0000FF">for</font></b> Impala <font color="#993399">64</font><font color="#990000">-</font>bit
HOST<font color="#990000">=</font>impalaserver
PORT<font color="#990000">=</font><font color="#993399">21050</font>
Database<font color="#990000">=</font>impaladb
AuthMech<font color="#990000">=</font><font color="#993399">0</font>
UID<font color="#990000">=</font><b><font color="#0000FF">default</font></b>
PWD<font color="#990000">=</font>
TSaslTransportBufSize<font color="#990000">=</font><font color="#993399">1000</font>
RowsFetchedPerBlock<font color="#990000">=</font><font color="#993399">10000</font>
SocketTimeout<font color="#990000">=</font><font color="#993399">0</font>
StringColumnLength<font color="#990000">=</font><font color="#993399">32767</font>
UseNativeQuery<font color="#990000">=</font><font color="#993399">0</font></tt></pre>

</blockquote>
<p>The Driver parameter refers to an entry in the odbcinst.ini file (usually /etc/odbcinst.ini) which identifies driver files:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>Cloudera ODBC Driver <b><font color="#0000FF">for</font></b> Impala <font color="#993399">64</font><font color="#990000">-</font>bit<font color="#990000">]</font>
Description<font color="#990000">=</font>Cloudera ODBC Driver <font color="#008080">for</font> <b><font color="#000000">Impala</font></b> <font color="#990000">(</font><font color="#993399">64</font><font color="#990000">-</font>bit<font color="#990000">)</font>
Driver<font color="#990000">=/</font>opt<font color="#990000">/</font>cloudera<font color="#990000">/</font>impalaodbc<font color="#990000">/</font>lib<font color="#990000">/</font><font color="#993399">64</font><font color="#990000">/</font>libclouderaimpalaodbc64<font color="#990000">.</font>so</tt></pre>

</blockquote>
<p>(Note that the odbc.ini and odbcinst.ini files must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid ODBC connect string options.</p>

<br/><a name="db-odbc-redshift"/><h3>Amazon Redshift (via ODBC)</h3>

<p>Amazon Redshift is a cloud-hosted data warehouse service.  Amazon provides a Redshift ODBC driver for Windows and Linux platforms.  This driver (or perhaps Redshift itself) has some quirks.</p>

<p>In this example, SQL Relay is configured to connect to a Redshift database via ODBC.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"odbc"</font> <font color="#009900">ignoreselectdatabase</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"dsn=redshift;user=redshiftuser;password=redshiftpassword;overrideschema=public"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The ignoreselectdatabase="yes" attribute of the instance tag works around a quirk.  It instructs SQL Relay to ignore "use database" queries, or other attempts to select the current database/schema.  These options tend to put the connection outside of any database/schema, and unable to return to the desired database/schema.</p>

<p>The overrideschema option in the string attribute of the connection tag works around another quirk.  When running "show tables" or "describe" queries, the database needs "public" to be passed in as the schema for the table names.</p>

<p>The dsn option in the string attribute of the connection tag refers to an ODBC DSN (Data Source Name).</p>

<p>On Windows platforms, the DSN is an entry in the Windows Registry, created by the ODBC Data Source Administrator (look for "Set up ODBC data sources" in the Control Panel or just run odbcad32.exe).</p>

<p>On Linux and Unix platforms, the DSN is an entry in the odbc.ini file (usually /etc/odbc.ini).</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>redshift<font color="#990000">]</font>
Driver<font color="#990000">=</font><font color="#008080">Amazon</font> <b><font color="#000000">Redshift</font></b> <font color="#990000">(</font>x64<font color="#990000">)</font>
Host<font color="#990000">=</font>redshifthost
Database<font color="#990000">=</font>redshiftdb
Username<font color="#990000">=</font>redshiftuser
Password<font color="#990000">=</font>redshiftpassword</tt></pre>

</blockquote>
<p>The Driver parameter refers to an entry in the odbcinst.ini file (usually /etc/odbcinst.ini) which identifies driver files:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font><font color="#008080">Amazon</font> <b><font color="#000000">Redshift</font></b> <font color="#990000">(</font>x64<font color="#990000">)]</font>
Description<font color="#990000">=</font>Amazon Redshift <font color="#008080">ODBC</font> <b><font color="#000000">Driver</font></b> <font color="#990000">(</font><font color="#993399">64</font><font color="#990000">-</font>bit<font color="#990000">)</font>
Driver<font color="#990000">=/</font>opt<font color="#990000">/</font>amazon<font color="#990000">/</font>redshiftodbc<font color="#990000">/</font>lib<font color="#990000">/</font><font color="#993399">64</font><font color="#990000">/</font>libamazonredshiftodbc64<font color="#990000">.</font>so</tt></pre>

</blockquote>
<p>(Note that the odbc.ini and odbcinst.ini files must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid ODBC connect string options.</p>

<br/><a name="db-postgresql-redshift"/><h3>Amazon Redshift (via PostgreSQL)</h3>

<p>Amazon Redshift is a cloud-hosted data warehouse service.  Since it is based on PostgreSQL 8, it is possible to connect to a Redshift instance using the PostgreSQL client library.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">ignoreselectdatabase</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"host=redshifthost;port=5439;user=redshiftuser;password=redshiftpassword;db=redshiftdb;typemangling=lookup;tablemangling=lookup"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The ignoreselectdatabase="yes" attribute of the instance tag works around a quirk.  It instructs SQL Relay to ignore "use database" queries, or other attempts to select the current database/schema.  These options tend to put the connection outside of any database/schema, and unable to return to the desired database/schema.</p>

<p>The port option in the string attribute of the connection tag instructs SQL Relay to connect to the Redshift default port of 5439 rather than the PostgreSQL default port of 5432.</p>

<p>The typemangling and tablemangling options in the string attribute of the connection tag instruct SQL Relay to return data type and table names rather than data type and table object ID's (the default for PostgreSQL)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid PostgreSQL connect string options.</p>

<br/><a name="db-odbc-athena"/><h3>Amazon Athena (via ODBC)</h3>

<p>Amazon Athena is an SQL interface to data stored in Amazon S3.  Simba provides an Athena ODBC driver for Windows and Linux platforms.  This driver (or perhaps Athena itself) has some quirks.</p>

<p>In this example, SQL Relay is configured to connect to a Athena database via ODBC.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"odbc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"dsn=athena;user=RDXDE23X56D9822FFGE3;password=uEEmF+RDexoXpqTD5MiP3421emYP2M+4Rqo6GHio;overrideschema=athenadb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Note the odd user and password options in the string attribute of the connection tag.</p>

<p>Note also that the db option is missing from the string attribute of the connection tag.  The schema must be set in the DSN, and setting it in the connection string doesn't override the one set in the DSN.</p>

<p>The overrideschema option in the string attribute of the connection tag works around a quirk.  The database tends to report the current schema as something other than "athenadb", but when running "show tables" or "describe" queries, the database wants "athenadb" to be passed in as the schema for the table names.</p>

<p>The dsn option in the string attribute of the connection tag refers to an ODBC DSN (Data Source Name).</p>

<p>On Windows platforms, the DSN is an entry in the Windows Registry, created by the ODBC Data Source Administrator (look for "Set up ODBC data sources" in the Control Panel or just run odbcad32.exe).</p>

<p>On Linux and Unix platforms, the DSN is an entry in the odbc.ini file (usually /etc/odbc.ini).</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>athena<font color="#990000">]</font>
Description<font color="#990000">=</font>Simba Athena <font color="#008080">ODBC</font> <b><font color="#000000">Driver</font></b> <font color="#990000">(</font><font color="#993399">64</font><font color="#990000">-</font>bit<font color="#990000">)</font> DSN
Driver<font color="#990000">=/</font>opt<font color="#990000">/</font>simba<font color="#990000">/</font>athenaodbc<font color="#990000">/</font>lib<font color="#990000">/</font><font color="#993399">64</font><font color="#990000">/</font>libathenaodbc_sb64<font color="#990000">.</font>so
AwsRegion<font color="#990000">=</font>us<font color="#990000">-</font>east<font color="#990000">-</font><font color="#993399">1</font>
Schema<font color="#990000">=</font>athenadb
S3OutputLocation<font color="#990000">=</font>s3<font color="#990000">:</font><i><font color="#9A1900">//athenadata/</font></i>
UID<font color="#990000">=</font>RDXDE23X56D9822FFGE3
PWD<font color="#990000">=</font>uEEmF<font color="#990000">+</font>RDexoXpqTD5MiP3421emYP2M<font color="#990000">+</font>4Rqo6GHio</tt></pre>

</blockquote>
<p>The Driver parameter refers to an entry in the odbcinst.ini file (usually /etc/odbcinst.ini) which identifies driver files:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>Simba Athena ODBC Driver <font color="#993399">64</font><font color="#990000">-</font>bit<font color="#990000">]</font>
Description<font color="#990000">=</font>Simba Athena <font color="#008080">ODBC</font> <b><font color="#000000">Driver</font></b> <font color="#990000">(</font><font color="#993399">64</font><font color="#990000">-</font>bit<font color="#990000">)</font>
Driver<font color="#990000">=/</font>opt<font color="#990000">/</font>simba<font color="#990000">/</font>athenaodbc<font color="#990000">/</font>lib<font color="#990000">/</font><font color="#993399">64</font><font color="#990000">/</font>libathenaodbc_sb64<font color="#990000">.</font>so</tt></pre>

</blockquote>
<p>(Note that the odbc.ini and odbcinst.ini files must be readable by the user that the instance of SQL Relay runs as.)</p>

<p>See the <a href="configreference.html#odbc">SQL Relay Configuration Reference</a> for other valid ODBC connect string options.</p>

<br/><a name="db-odbc"/><h3>Generic ODBC</h3>

<p>ODBC can be used to access many databases for which SQL Relay has no native support.</p>

<p>Accessing a database via an ODBC driver usually involves:</p>

<ul>
  <li>Installing the driver</li>
  <li>Creating a DSN</li>
  <ul>
    <li>On Windows this is done via a control panel</li>
    <li>On Linux/Unix it is done by adding entries to the odbc.ini and sometimes odbcinst.ini files</li>
  </ul>

  <li>Creating an instance of SQL Relay with dbase="odbc" which refers to the DSN, optionally specifying the user and password</li>
</ul>

<p>See the examples above for more details.  It should be possible to adapt one of them to the ODBC driver that you would like to use.</p>

<p>Note that many ODBC drivers have quirks.  Many of the examples above demonstrate ways of working around some of these quirks.</p>

<br/><a name="dbconnections"/><h2>Database Connections</h2>

<p>By default, SQL Relay opens and maintains a pool of 5 <a href="../features/connectionpooling.html">persistent database connections</a>, but the number of connections can be configured using the connections attribute.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">connections</font><font color="#990000">=</font><font color="#FF0000">"10"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The number of connections determines how many client applications can access the database simultaneously.  In this example, up to 10, assuming each client only needs one connection.  Additional clients would be queued and would have to wait for one of the first 10 to disconnect before being able to access the database.</p>

<blockquote>
  <p>( <b>NOTE:</b> Any number of connections may be configured, up to an "absolute max connections" limit defined at compile-time, which defaults to 4096.  To find the limit on your system, run:</p>

  <blockquote>
    <pre>sqlr-start -abs-max-connections
</pre>

  </blockquote>
The command above also returns the "shmmax requirement" for the configuration.  "shmmax" refers to the maximum size of a single shared memory segment, a tunable kernel parameter on most systems.  The default shmmax requirement is about 5mb.  On modern systems, shmmax defaults to at least 32mb, but on older systems it commonly defaulted to 512k.  In any case, if the shmmax requirement exceeds the value of your system's shmmax parameter, then you will have to reconfigure the parameter before SQL Relay will start successfully.   This may be done at runtime on most modern systems, but on older systems you may have to reconfigure and rebuild the kernel, and reboot.)
</blockquote>
<a name="dbconnections-performance"/><h3>For Performance</h3>

<p>In a performance-oriented configuration, a good rule of thumb is to open as many connections as you can.  That number is usually environment-specific, and dictated by database, system and network resources.</p>

<a name="dbconnections-throttling"/><h3>For Throttling</h3>

<p>If you intend to <a href="../features/throttling.html">throttle</a> database access to a particular application, then you may intentionally configure a small number of connections.</p>

<br/><a name="dbcursors"/><h2>Database Cursors</h2>

<p>Database cursors are used to execute queries and step through result sets.  Most applications only need to use one cursor at a time.  Some apps require more though, either because they run nested queries, or sometimes because they just don't properly free them.</p>

<p>SQL Relay maintains persistent cursors as well as connections.  By default, each connection opens one cursor, but the number of cursors opened by each connection can be configured using the cursors attribute.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">connections</font><font color="#990000">=</font><font color="#FF0000">"10"</font> <font color="#009900">cursors</font><font color="#990000">=</font><font color="#FF0000">"2"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Any number of cursors can be opened.  A good rule of thumb is to open as few as possible, but as many as you know that your application will need.</p>

<blockquote>
( <b>NOTE:</b> The documentation above says that by default, each connection opens one cursor, and this is true, but it would be more accurate to say that by default each connection opens one cursor, but will open additional cursors on-demand, up to 5.  This is because it is common for an app to run at least one level of nested queries.  For example, it is common to run a select and then run an insert, update, or delete for each row in the result set.  Unfortunately, it is also not uncommon for apps to just manage cursors poorly.  So, SQL Relay's default configuration offers a bit of flexibility to accommodate these circumstances.  See the next section on Dynamic Scaling for more information about configuring connections and cursors to scale up and down on-demand.)
</blockquote>
<br/><br/><a name="dynamicscaling"/><h2>Dynamic Scaling</h2>

<p>Both connections and cursors can be configured to scale dynamically - open on demand and then die off when no longer needed.  This feature is useful if you have spikes in traffic during certain times of day or if your application has a few modules that occasionally need more cursors than usual.</p>

<p>The maxconnections and maxcursors attribute define the upper bounds.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">connections</font><font color="#990000">=</font><font color="#FF0000">"10"</font> <font color="#009900">maxconnections</font><font color="#990000">=</font><font color="#FF0000">"20"</font> <font color="#009900">cursors</font><font color="#990000">=</font><font color="#FF0000">"2"</font> <font color="#009900">maxcursors</font><font color="#990000">=</font><font color="#FF0000">"10"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, 10 connections will be started initially but more will be be started on-demand, up to 20.  Each of the newly spawned connections will die off if they are inactive for longer than 1 minute.</p>

<p>In this example, each connection will initially open 2 cursors but more will be opened on-demand, up to 10.  Each newly opened cursor will be closed as soon as it is no longer needed.</p>

<p>Other attributes that control dynamic scaling behavior include:</p>

<ul>
  <li>maxqueuelength</li>
  <li>growby</li>
  <li>ttl</li>
  <li>cursors_growby</li>
</ul>

<p>See the <a href="configreference.html">SQL Relay Configuration Reference</a> for more information on these attributes.</p>

<br/><a name="listener"/><h2>Listener Configuration</h2>

<p>By default, SQL Relay listens for client connections on port 9000, on all available network interfaces.</p>

<p>It can be configured to listen on a different port though...</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9001"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>...and accessed using:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -port 9001 -user scott -password tiger
</pre>

</blockquote>
<p>It can also be configured to listen on a unix socket...</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/example.socket"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;/listener&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>(Note that the user that SQL Relay runs as must be able to read and write to the path of the socket.)</p>

<p>...and accessed from the local server using:</p>

<blockquote>
  <pre>sqlrsh -socket /tmp/example.socket -user scott -password tiger
</pre>

</blockquote>
<p>If the server has multiple network interfaces, SQL Relay can also be configured to listen on specific IP addresses.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">addresses</font><font color="#990000">=</font><font color="#FF0000">"192.168.1.50,192.168.1.51"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>When configured this way, it can be accessed on 192.168.1.50 and 192.168.1.51 but not on 127.0.0.1 (localhost).</p>

<p>If the socket option is specified but port and addresses options are not, then SQL Relay will only listen on the socket.  If addresses/port and socket options are both specified then it listens on both.</p>

<br/><a name="instances"/><h2>Multiple Instances</h2>

<p>Any number of SQL Relay instances can be defined in the configuration file.</p>

<p>In following example, instances that connect to Oracle, SAP/Sybase and DB2 are defined in the same file.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"oracleexample"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9000"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sapexample"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9001"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"sybase=/opt/sap;lang=en_US;server=SAPSERVER;user=sapuser;password=sappassword;db=sapdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"db2example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"db2"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9002"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"db=db2db;user=db2inst1;password=db2inst1pass;lang=C;connecttimeout=0"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>These instances can be started using:</p>

<blockquote>
  <pre>sqlr-start -id oracleexample
sqlr-start -id sapexample
sqlr-start -id db2example
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>...and accessed using:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -port 9000
sqlrsh -host sqlrserver -port 9001
sqlrsh -host sqlrserver -port 9002
</pre>

</blockquote>
<br/><a name="autostart"/><h2>Starting Instances Automatically</h2>

<p>In all previous examples sqlr-start has been called with the -id option, specifying which instance to start.  If sqlr-start is called without the -id option then it will start all instances configured with the enabled attribute set to yes.</p>

<p>For example, if the following instances are defined...</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"oracleexample"</font> <font color="#009900">enabled</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9000"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sapexample"</font> <font color="#009900">enabled</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9001"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"sybase=/opt/sap;lang=en_US;server=SAPSERVER;user=sapuser;password=sappassword;db=sapdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"db2example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"db2"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9002"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"db=db2db;user=db2inst1;password=db2inst1pass;lang=C;connecttimeout=0"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>...then calling sqlr-start without the -id parameter will start oracleexample and sapexample because enabled="yes" is configured for those instances.  db2example will not be started because enabled="yes" is not configured for that instance.</p>

<p>When installed on most platforms, SQL Relay creates a systemd service file (usually in /usr/lib/systemd/system or /lib/systemd/system) or an init script in the appropriate place under /etc.  These call sqlr-start with no -id option.  If configured to run at boot, they will start all instances for which enabled="yes" is configured.</p>

<p>How to enable the service file or init script depends on what platform you are using.</p>

<p>On systemd-enabled Linux, this usually involves running:</p>

<blockquote>
systemctl enable sqlrelay.service
</blockquote>
<p>On non-systemd-enabled Linux, Solaris, SCO and other non-BSD Unixes, this usually involves creating a symlink from /etc/init.d/sqlrelay to /etc/rc3.d/S85sqlrelay.  This can be done manually, but most platforms provide utilities to do it for you.</p>

<p>Redhat-derived Linux distributions have a chkconfig command that can do this for you:</p>

<blockquote>
chkconfig --add sqlrelay
</blockquote>
<p>Debian-derived Linux distributions provide the update-rc.d command:</p>

<blockquote>
update-rc.d sqlrelay defaults
</blockquote>
<p>Solaris provides svcadm:</p>

<blockquote>
svcadm enable sqlrelay
</blockquote>
<p>On FreeBSD you must add a line to /etc/rc.conf like:</p>

<blockquote>
sqlrelay_enabled=YES
</blockquote>
<p>On NetBSD you must add a line to /etc/rc.conf like:</p>

<blockquote>
sqlrelay=YES
</blockquote>
<p>On OpenBSD you must add a line to /etc/rc.conf like:</p>

<blockquote>
sqlrelay_flags=""
</blockquote>
<hr/>

<br/><a name="protocoloptions"/><h1>Client Protocol Options</h1>

<p>Whether written using the native SQL Relay API, or a connector of some sort, SQL Relay apps generally communicate with SQL Relay using <i>SQLRClient</i>, the native SQL Relay client-server protocol.</p>

<p><img src="../images/sqlrelaynativeprotocol.png"/></p>

<p>However, SQL Relay also supports the MySQL and PostgreSQL client-server protocols.  When SQL Relay is configured to use one of these, it allows MySQL/MariaDB and PostgreSQL apps to communicate directly with SQL Relay without modification, without having to install any software on the client.</p>

<p><img src="../images/sqlrelaymysqlprotocol.png"/></p>

<p><img src="../images/sqlrelaypostgresqlprotocol.png"/></p>

<p>In these configurations, SQL Relay becomes a transparent proxy.  MySQL/MariaDB or PostgreSQL apps aimed at SQL Relay still think that they're talking to a MySQL/MariaDB or PostgreSQL database, but in fact, are talking to SQL Relay.</p>

<br/><a name="sqlrclientprotocol"/><h2>SQLRClient Protocol</h2>

<p>SQLRClient is the native SQL Relay protocol, enabled by default.  The example configurations above and throughout most of the rest of the guide configure SQL Relay to speak this protocol.</p>

<p>If an instance speaks the SQLRClient client-server protocol, then any client that wishes to use it must also speak the SQLRClient client-server protocol.  This means that most software written using the SQL Relay native API, or written using a database abstraction layer which loads a driver for SQL Relay can access this instance.  However, it also means that client programs for other databases (eg. the mysql, psql, and sqlplus command line programs, MySQL Workbench, Oracle SQL Developer, SQL Server Management Studio, etc.) cannot access this instance.</p>

<a name="sqlrclientconfiguration"/><h3>Basic Configuration</h3>

<p>SQLRClient is the native SQL Relay protocol, no special tags or attributes are required to enable it.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this configuration:</p>

<ul>
  <li>The connection tag instructs the instance to log in to the <i>orcl</i> database as user <i>scott</i> with password <i>tiger</i>.</li>
  <li>By default, SQL Relay loads the <i>sqlrclient</i> protocol module, and listens on port 9000.</li>
</ul>

<p>The instance can be started using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>start <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>and accessed from the local machine using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlrsh <font color="#990000">-</font><font color="#008080">host</font> localhost <font color="#990000">-</font><font color="#008080">user</font> scott <font color="#990000">-</font>password tiger</tt></pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> By default, the user and password used to access SQL Relay are the same as the user and password that SQL Relay is configured to use to access the database.  That is, they are the values of the user and password parameters of the string attribute of the connection tag. )
</blockquote>
<p>By default, SQL Relay listens on all available network interfaces, on port 9000, and can be accessed remotely by hostname.  For example, if the server running SQL Relay is named <i>sqlrserver</i> then it can be accessed from another system using:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -user scott -password tiger
</pre>

</blockquote>
<p>The instance can be stopped using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>stop <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>Since this instance speaks the SQLRClient client-server protocol, any client that wishes to use it must also speak the SQLRClient client-server protocol.  This means that software written using the SQL Relay native API, or written using a database abstraction layer which loads a driver for SQL Relay can access this instance.  However, it also means that client programs for other databases (eg. the mysql, psql, and sqlplus command line programs, MySQL Workbench, Oracle SQL Developer, SQL Server Management Studio, etc.) cannot access this instance.</p>

<a name="sqlrclientlistener"/><h3>Listener Options</h3>

<p>By default, SQL Relay listens on port 9000.</p>

<p>However, it can be configured to listen on a different port.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9001"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>If the server has multiple network interfaces, SQL Relay can also be configured to listen on specific IP addresses.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">addresses</font><font color="#990000">=</font><font color="#FF0000">"192.168.1.50,192.168.1.51"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In the example above, it can be accessed on 192.168.1.50 and 192.168.1.51 but not on 127.0.0.1 (localhost).</p>

<p>It can also be configured to listen on a unix socket by adding a <i>socket</i> attribute to the listener tag.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/example.socket"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;/listener&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>(Note that the user that SQL Relay runs as must be able to read and write to the path of the socket.)</p>

<p>If the socket option is specified but the port option is not, then SQL Relay will only listen on the socket.  If port and socket options are both specified then it listens on both.</p>

<a name="sqlrclientauth"/><h3>Authentication/Encryption Options</h3>

<p>When using the SQLRClient protocol, there are several options for controlling which users are allowed to access an instance of SQL Relay.</p>

<a name="sqlrclientconnectstringsauth"/><h3>Connect Strings Auth</h3>

<p>The default authentication option is <i>connect strings</i> auth.</p>

<p>When connect strings authentication is used, a user is authenticated against the set of user/password combinations that SQL Relay is configured to use to access the database.  That is, they are the values of the user and password parameters of the string attribute of the connection tag.</p>

<p>In the following example, SQL Relay is configured to access the database using scott/tiger credentials.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this case, clients would also use scott/tiger credentials to access SQL Relay.</p>

<p>Though it is not necessary, it is possible to explicitly configure SQL Relay to load the <i>connect strings</i> auth module as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrelay_connectstrings"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<a name="sqlrclientuserlistauth"/><h3>User List Auth</h3>

<p>Another popular authentication option is <i>user list</i> auth.</p>

<p>When user list authentication is used, a user is authenticated against a static list of user/password combinations, which may be different than the user/password used that SQL Relay uses to access the database.</p>

<p>To enable user list auth, you must provide a list of user/password combinations, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"onepassword"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"anotherpassword"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"yetanotherpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>If you would prefer not to include passwords directly in the config file, then you can put them in external files, and enclose the full path of each file in square brackets as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/oneuser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/anotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/yetanotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example...</p>

<p>The contents of the file /usr/local/firsworks/etc/oneuser.pwd would be used to authenticate oneuser, and would contain the text:</p>

<blockquote>
  <pre>onepassword
</pre>

</blockquote>
<p>The contents of the file /usr/local/firsworks/etc/anotheruser.pwd would be used to authenticate anotheruser, and would contain the text:</p>

<blockquote>
  <pre>anotherpassword
</pre>

</blockquote>
<p>The contents of the file /usr/local/firsworks/etc/yetanotheruser.pwd would be used to authenticate yetanotheruser, and would contain the text:</p>

<blockquote>
  <pre>yetanotherpassword
</pre>

</blockquote>
<p>This approach is useful if you want to give the files containing the passwords more restrictive permissions than the config file itself, or possibly for other reasons.</p>

<p>( <b>NOTE:</b> Trailing whitespace is ignored when passwords are stored in external files.)</p>

<p>If you would prefer not to use full pathnames inside of each set of square brackets, then you can  specify a <i>passwordpath</i> attribute in the instance tag, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <font color="#009900">passwordpath</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc"</font><b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[oneuser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[anotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[yetanotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this case, the path /usr/local/firstworks/etc will be searched for the files oneuser.pwd, anotheruser.pwd, and yetanotheruser.pwd.</p>

<a name="sqlrclientdbauth"/><h3>Database Auth</h3>

<p>Another popular authentication option is <i>database</i> auth.</p>

<p>When database authentication is used, a user is authenticated against the database itself.  SQL Relay does this by checking the provided credentials against the credentials that are currently in use.  If they differ, then it logs out of the database and logs back in using the provided credentials.</p>

<p>To enable database auth, configure SQL Relay to load the <i>database</i> auth module as follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_database"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> Database authentication should not be used in an instance where dbase="router".  It's OK for the instances that the router routes to to use it, but the router instance itself should not.  If database authentication is used for that instance, then authentication will fail.)
<br/><br/>
( <b>NOTE:</b> Prior to version 0.65.0, the "database" authentication method defaulted to the behavior of the "proxied" authentication method and fell back to the current behavior if the proxied behavior was unsupported.  There was no way to force this behavior.  As of 0.65.0 the funcationality is split into two separate modules.)
</blockquote>
<a name="sqlrclientproxiedauth"/><h3>Proxied Auth</h3>

<p>Another authentication option is <i>proxied</i> auth.</p>

<p>When proxied authentication is used, a user is authenticated against the database itself, though in a different manner than datbase authentication described above.  SQL Relay logs into the database as a user with permissions to proxy other users.  For each client session, SQL Relay checks the provided credentials against the credentials that are currently in use.  If they differ, then it asks the proxy user to switch the user it's proxying to the provided user.</p>

<p>This is currently only supported with Oracle (version 8i or higher) and requires database configuration.  See <a href="oraclentier.html">this document</a> for more information including instructions for configuring Oracle.</p>

<p>To enable proxied auth, configure SQL Relay to load the <i>proxied</i> auth module as follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_proxied"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> Proxied authentication should not be used in an instance where dbase="router".  It's OK for the instances that the router routes to to use it, but the router instance itself should not.  If proxied authentication is used for that instance, then authentication will fail.)
</blockquote>
<a name="sqlrclientkrb"/><h3>Kerberos and Active Directory Encryption and Authentication</h3>

<p>SQL Relay supports Kerberos encryption and authentication between the SQL Relay client and SQL Relay Server.</p>

<p>When Kerberos encryption and authentication is used:</p>

<ul>
  <li>All communications between the SQL Relay client and SQL Relay server are encrypted.</li>
  <li>A user who has authenticated against a Kerberos KDC or Active Directory Domain Controller can access SQL Relay without having to provide additional credentials.</li>
</ul>

<p>On Linux and Unix systems, both server and client environments must be "Kerberized".  On Windows systems, both server and client must join an Active Directory Domain.  Note that this is only available on Professional or Server versions of Windows.  Home versions cannot join Active Directory Domains.</p>

<p>The following configuration configures an instance of SQL Relay to use Kerberos authentication and encryption:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">krb</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">krbservice</font><font color="#990000">=</font><font color="#FF0000">"sqlrelay"</font> <font color="#009900">krbkeytab</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/sqlrelay.keytab"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listener&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"dmuse@KRB.FIRSTWORKS.COM"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"kmuse@KRB.FIRSTWORKS.COM"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"imuse@KRB.FIRSTWORKS.COM"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"smuse@KRB.FIRSTWORKS.COM"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"FIRSTWORKS.COM\dmuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"FIRSTWORKS.COM\kmuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"FIRSTWORKS.COM\imuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"FIRSTWORKS.COM\smuse"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<ul>
  <li>The <b>krb</b> attribute enables (or disables) Kerberos authentication and encryption.</li>
  <li>The <b>krbservice</b> attribute specifies which Kerberos service to use.  This attribute is optional and defaults to "sqlrelay".  It is only shown here for illustrative purposes.</li>
  <li>The <b>krbkeytab</b> attribute specifies the location of the keytab file containing the key for the specified Kerberos service.  This attribute is not required on Windows.  On Linux or Unix systems if this paramter is omitted, then it defaults to the system keytab, usually /etc/krb5.keytab</li>
  <li>User list authentication is also used.  Other authentication methods are not currently supported with Kerberos.</li>
</ul>

<p>Note that no passwords are required in the user list.  Note also that users are specified in both user@REALM (Kerberos) format and REALM\user (Active Directory) format to support users authenticated against both systems.</p>

<p>To start the instance on a Linux or Unix system, you must be logged in as a user that can read the file specified by the krbkeytab attribute.</p>

<p>To start the instance on a Windows system, you must be logged in as a user that can proxy the service specified by the krbservice attribute (or it's default value of "sqlrelay" if omitted).</p>

<p>If those criteria are met, starting the Kerberized instance of SQL Relay is the same as starting any other instance:</p>

<blockquote>
  <pre>sqlr-start -id example
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>To access the instance, you must acquire a Kerberos ticket-granting ticket.  On a Linux or Unix system, this typically involves running <i>kinit</i>, though a fully Kerberized environment may acquire this during login.  On a Windows system, you must log in as an Active Directory domain user.</p>

<p>After acquiring the ticket-granting ticket, the instance of SQL Relay may be accessed from a Linux or Unix system as follows:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -krb
</pre>

</blockquote>
<p>From a Windows system, it may be necessary to specify the fully qualified Kerberos service name as well:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -krb -krbservice sqlrelay/sqlrserver.firstworks.com@AD.FIRSTWORKS.COM
</pre>

</blockquote>
<p>Note the absence of user and password parameters.</p>

<p>Kerberos authentication establishes trust between the user who acquired the ticket-granting ticket (the user running the client program) and the service (the SQL Relay server) as follows:</p>

<ul>
  <li>The client program uses the user's ticket-granting ticket to acquire a ticket for the sqlrelay service.</li>
  <li>The client program then uses this service ticket to establish a security context with the SQL Relay server.</li>
  <li>During this process the client program sends the SQL Relay server the user name that was used to acquire the original ticket-granting ticket.</li>
  <li>If the security context can be successfully established, then the SQL Relay server can trust that the client program is being run by the user that it says it is.</li>
</ul>

<p>Once the SQL Relay server trusts that the client is being run by the user that it says it is, the user is authenticated against the list of users.</p>

<p>While Kerberos authenticated and encrypted sessions are substantially more secure than standard SQL Relay sessions, several factors contribute to a performance penalty:</p>

<ul>
  <li>The client program may have to acquire a service ticket from another server (the Kerberos KDC or Active Directory Domain Controller) prior to connecting to the SQL Relay server.</li>
  <li>When establishing the secure session, a significant amount of data must be sent back and forth between the client and server over multiple network round-trips.</li>
  <li>Kerberos imposes a limit on the amount of data that can be sent or received at once, so more round trips may be required when processing queries.</li>
  <li>Without dedicated encryption hardware and a Kerberos implementation that supports it, the computation involved in encrypting and decrypting data can also introduce delays.</li>
</ul>

<p>Any kind of full session encryption should be used with caution in performance-sensitive applications.</p>

<a name="sqlrclienttls"/><h3>TLS/SSL Encryption and Authentication</h3>

<p>SQL Relay supports TLS/SSL encryption and authentication between the SQL Relay client and SQL Relay Server.</p>

<p>When TLS/SSL encryption and authentication is used:</p>

<ul>
  <li>All communications between the SQL Relay client and SQL Relay server are encrypted.</li>
  <li>SQL Relay clients and servers may optionally validate each other's certificates and identities.</li>
</ul>

<p>When using TLS/SSL encryption and authentication, at minimum, the SQL Relay server must be configured to load a certificate.  For highly secure production environments, this certificate should come from a trusted certificate authority.  In other environments the certificate may be self-signed, or even be borrowed from another server.</p>

<h3>Encryption Only</h3>

<p>The following configuration enables TLS/SSL encryption for an instance of SQL Relay:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">tls</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">tlscert</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/sqlrserver.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<ul>
  <li>The <b>tls</b> attribute enables (or disables) TLS/SSL encryption.</li>
  <li>The <b>tlscert</b> attribute specifies the TLS/SSL certificate chain to use.</li>
  <ul>
    <li>(a .pem file is specified in this example, but on Windows systems, a .pfx file or Windows Certificate Store reference must be used. See <a href="tlscert.html">The tlscert Parameter</a> for details.)</li>
  </ul>

  <li>User list authentication is also used.  Other authentication methods are not currently supported with TLS/SSL.</li>
</ul>

<p>To start the instance on a Linux or Unix system, you must be logged in as a user that can read the file specified by the tlscert attribute.  If that criterium is met then the instance can be started using:</p>

<blockquote>
  <pre>sqlr-start -id example
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>The instance may be accessed as follows:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -user scott -password tiger -tls -tlsvalidate no
</pre>

</blockquote>
<p>This establishes a TLS/SSL-encrypted session but does not validate the server's certificate or identity.  The session will only continue if the server's certificate is is well-formed and hasn't expired, <b>but the client is still vulnerable to various attacks</b>.</p>

<h3>Certificate Validation</h3>

<p>For a more secure session, the client may validate that the server's certificate was signed by a trusted certificate authority, known to the system, as follows:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -user scott -password tiger -tls -tlsvalidate ca
</pre>

</blockquote>
<p>If the server's certificate is self-signed, then the certificate authority won't be known to the system, but it's certificate may be specified by the tlsca parameter as follows:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -user scott -password tiger -tls -tlsvalidate ca -tlsca /usr/local/firstworks/etc/myca.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>This establishes a TLS/SSL-encrypted session with the server and validates the server's certificate, but does not validate the server's identity.  The session will only continue if the server's certificate is valid, <b>but the client is still vulnerable to various attacks</b>.</p>

<h3>Host Name Validation</h3>

<p>For a more secure session, the client may validate that the host name provided by the server's certificate matches the host name that the client meant to connect to, as follows:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver.firstworks.com -user scott -password tiger -tls -tlsvalidate ca+host -tlsca /usr/local/firstworks/etc/myca.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>Note that the fully qualified host name was provided.  Note also the use of the ca+host value for the tlsvalidate parameter.  With these parameters, in addition to validating that the server's certificate was signed by a trusted certificate authority, the host name will also be validated.  If the certificate contains Subject Alternative Names, then the host name will be compared to each of them.  If no Subject Alternative Names are provided then the host name will be compared to the certificate's Common Name.  The session will only continue if the sever's certificate and identity are both valid.</p>

<h3>Domain Name Validation</h3>

<p>Unless self-signed, certificates can be expensive, so certificates are often shared by multiple servers across a domain.  To manage environments like this, the host name validation can be relaxed as follows, to just domain name validation:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver.firstworks.com -user scott -password tiger -tls -tlsvalidate ca+domain -tlsca /usr/local/firstworks/etc/myca.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>Note that the fully qualified host name was provided.  Note also the use of the ca+domain value for the tlsvalidate parameter.  With these parameters, in addition to validating that the server's certificate was signed by a trusted certificate authority, the domain name portion of the host name will also be validated.  If the certificate contains Subject Alternative Names, then the domain name portion of the host name will be compared to the domain name portion of each of them.  If no Subject Alternative Names are provided then the domain name portion of the host name will be compared to the domain name portion of the certificate's Common Name.  The session will only continue if the sever's certificate and domain identity are both valid.</p>

<h3>Mutual Authentication</h3>

<p>For an even more secure session, the server may also request a certificate from the client, validate the certificate, and optionally authenticate the client based on the host name provided by the certificate.</p>

<p>The following configuration enables these checks for an instance of SQL Relay:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">tls</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">tlscert</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/sqlrserver.pem"</font>
				<font color="#009900">tlsvalidate</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">tlsca</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/myca.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient1.firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient2.firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient3.firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient4.firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<ul>
  <li>The <b>tlsvalidate</b> attribute enables (or disables) validation that client's certificate was signed by a trusted certificate authority, known to the system, or as provided by the tlsca attribute.</li>
  <li>The <b>tlsca</b> attribute specifies a certificate authority to include when validating the client's certificate.  This is useful when validating self-signed certificates.</li>
  <ul>
    <li>(a .pem file is specified in this example, but on Windows systems, a .pfx file or Windows Certificate Store reference must be used. See <a href="tlsca.html">The tlsca Parameter</a> for details.)</li>
  </ul>

  <li>User list authentication is also used.</li>
</ul>

<p>Note that no passwords are required in the user list.  In this configuration, the Subject Alternative Names in the client's certificate (or Common Name if no SAN's are present) are authenticate against the list of valid names.</p>

<p>Note also that when <b>tlsvalidate</b> is set to "yes", database and proxied authentication cannot currently be used.  This is because database and proxied authentication both require a user name and password but the client certificate doesn't provide either.</p>

<p>To access the instance, the client must provide, at minimum, a certificate chain file (containing the client's certificate, private key, and signing certificates, as appropriate), as follows:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -tls -tlsvalidate no -tlscert /usr/local/firstworks/etc/sqlrclient.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlscert.html">The tlscert Parameter</a> for details.)</p>

<p>Note the absence of user and password parameters.  Rather than passing a user and password, the client passes the specified certificate to the server.  The server trusts that the client is who they say they are by virtue of having a valid certificate and the name provided by the certificate is authenticated against the list of valid names.</p>

<p>In a more likely use case though, mutual authentication occurs - the client validates the server's certificate and the server validates the client's certificate, as follows:</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver.firstworks.com -tls -tlscert /usr/local/firstworks/etc/sqlrclient.pem -tlsvalidate ca+host -tlsca /usr/local/firstworks/etc/myca.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlscert.html">The tlscert Parameter</a> and <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>In this example, the client provides a certificate for the server to validate, validates the host's certificate against the provided certificate authority, and validates the host's identity against the provided host name.</p>

<h3>Performance Considerations</h3>

<p>While TLS/SSL authenticated and encrypted sessions are substantially more secure than standard SQL Relay sessions, several factors contribute to a performance penalty:</p>

<ul>
  <li>When establishing the secure session, a significant amount of data must be sent back and forth between the client and server over multiple network round-trips.</li>
  <li>Some TLS/SSL implementations impose a limit on the amount of data that can be sent or received at once, so more round trips may be required when processing queries.</li>
  <li>Without dedicated encryption hardware and a TLS/SSL implementation that supports it, the computation involved in encrypting and decrypting data can also introduce delays.</li>
</ul>

<p>Any kind of full session encryption should be used with caution in performance-sensitive applications.</p>

<br/><a name="mysqlprotocol"/><h2>MySQL Protocol</h2>

<p>SQL Relay can be configured to speak the native MySQL protocol, enabling client programs for MySQL/MariaDB (eg. the mysql command line program and MySQL Workbench) to access SQL Relay directly.</p>

<p>If an instance speaks the MySQL client-server protocol, then any client that wishes to use it must also speak the MySQL client-server protocol.  This means that most software written using the MySQL API, or written using a database abstraction layer which loads a driver for MySQL can access this instance.  However, it also means that SQL Relay's standard sqlrsh client program and client programs for other databases (eg. the psql, and sqlplus command line programs, Oracle SQL Developer, SQL Server Management Studio, etc.) cannot access this instance.</p>

<a name="mysqlconfiguration"/><h3>Basic Configuration</h3>

<p>To enable SQL Relay to speak the MySQL protocol, add the appropriate listener tag:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3307"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this configuration:</p>

<ul>
  <li>The connection tag instructs the instance to log in to the <i>mysqldb</i> database on host <i>mysqlhost</i> as user <i>mysqluser</i> with password <i>mysqlpassword</i>.</li>
  <li>The listener tag instructs SQL Relay to load the <i>mysql</i> protocol module, and listen on port 3307.</li>
</ul>

<p>The instance can be started using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>start <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>and accessed from the local machine using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font><font color="#993399">127.0</font><font color="#990000">.</font><font color="#993399">0.1</font> <font color="#990000">--</font>port<font color="#990000">=</font><font color="#993399">3307</font> <font color="#990000">--</font>user<font color="#990000">=</font>sqlruser <font color="#990000">--</font>password<font color="#990000">=</font>sqlrpassword</tt></pre>

</blockquote>
<p>( <b>NOTE:</b> 127.0.0.1 is used instead of "localhost" because "localhost" instructs the mysql client to use a predefined unix socket.)</p>

<p>By default, SQL Relay listens on all available network interfaces, and can be accessed remotely by hostname.  For example, if the server running SQL Relay is named <i>sqlrserver</i> then it can be accessed from another system using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font>sqlrserver <font color="#990000">--</font>port<font color="#990000">=</font><font color="#993399">3307</font> <font color="#990000">--</font>user<font color="#990000">=</font>sqlruser <font color="#990000">--</font>password<font color="#990000">=</font>sqlrpassword</tt></pre>

</blockquote>
<p>The instance can be stopped using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>stop <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>Since this instance speaks the MySQL client-server protocol, any client that wishes to use it must also speak the MySQL client-server protocol.  This means that most software written using the MySQL API, or written using a database abstraction layer which loads a driver for MySQL can access this instance.  However, it also means that SQL Relay's standard sqlrsh client program and client programs for other databases (eg. the psql, and sqlplus command line programs, Oracle SQL Developer, SQL Server Management Studio, etc.) cannot access this instance.</p>

<a name="mysqllistener"/><h3>Listener Options</h3>

<p>In the example above, the instance is configured to listen on port 3307.  The MySQL/MariaDB database typically listens on port 3306, so port 3307 was chosen to avoid collisions with the database itself.</p>

<p>However, if SQL Relay is run on a different server than the database, then it can be configured to run on port 3306.  This is desirable when using SQL Relay as a transparent proxy.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>If the server has multiple network interfaces, SQL Relay can also be configured to listen on specific IP addresses.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">addresses</font><font color="#990000">=</font><font color="#FF0000">"192.168.1.50,192.168.1.51"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In the example above, it can be accessed on 192.168.1.50 and 192.168.1.51 but not on 127.0.0.1 (localhost).</p>

<p>It can also be configured to listen on a unix socket by adding a <i>socket</i> attribute to the listener tag.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/var/lib/mysql/mysql.sock"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>(Note that the user that SQL Relay runs as must be able to read and write to the path of the socket.)</p>

<p>If the socket option is specified but the port option is not, then SQL Relay will only listen on the socket.  If port and socket options are both specified then it listens on both.</p>

<a name="mysqlauth"/><h3>Authentication/Encryption Options</h3>

<p>When using the MySQL protocol, there are several options for controlling which users are allowed to access an instance of SQL Relay.</p>

<a name="mysqlconnectstringsauth"/><h3>Connect Strings Auth</h3>

<p>The default authentication option is <i>connect strings</i> auth.</p>

<p>When connect strings authentication is used, a user is authenticated against the set of user/password combinations that SQL Relay is configured to use to access the database.  That is, they are the values of the user and password parameters of the string attribute of the connection tag.</p>

<p>In the following example, SQL Relay is configured to access the database using mysqlsuer/mysqlpassword credentials.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this case, clients would also use mysqluser/mysqlpassword credentials to access SQL Relay.</p>

<p>Though it is not necessary, it is possible to explicitly configure SQL Relay to load the <i>connect strings</i> auth module as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"mysql_connectstrings"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<a name="mysqluserlistauth"/><h3>User List Auth</h3>

<p>Another popular authentication option is <i>user list</i> auth.</p>

<p>When user list authentication is used, a user is authenticated against a static list of user/password combinations, which may be different than the user/password used that SQL Relay uses to access the database.</p>

<p>To enable user list auth, you must provide a list of user/password combinations, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"mysql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"onepassword"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"anotherpassword"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"yetanotherpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>If you would prefer not to include passwords directly in the config file, then you can put them in external files, and enclose the full path of each file in square brackets as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"mysql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/oneuser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/anotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/yetanotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example...</p>

<p>The contents of the file /usr/local/firsworks/etc/oneuser.pwd would be used to authenticate oneuser, and would contain the text:</p>

<blockquote>
  <pre>onepassword
</pre>

</blockquote>
<p>The contents of the file /usr/local/firsworks/etc/anotheruser.pwd would be used to authenticate anotheruser, and would contain the text:</p>

<blockquote>
  <pre>anotherpassword
</pre>

</blockquote>
<p>The contents of the file /usr/local/firsworks/etc/yetanotheruser.pwd would be used to authenticate yetanotheruser, and would contain the text:</p>

<blockquote>
  <pre>yetanotherpassword
</pre>

</blockquote>
<p>This approach is useful if you want to give the files containing the passwords more restrictive permissions than the config file itself, or possibly for other reasons.</p>

<p>( <b>NOTE:</b> Trailing whitespace is ignored when passwords are stored in external files.)</p>

<p>If you would prefer not to use full pathnames inside of each set of square brackets, then you can  specify a <i>passwordpath</i> attribute in the instance tag, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">passwordpath</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"mysql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[oneuser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[anotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[yetanotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this case, the path /usr/local/firstworks/etc will be searched for the files oneuser.pwd, anotheruser.pwd, and yetanotheruser.pwd.</p>

<p>When using SQL Relay as a transparent proxy, it is desirable to define the same set of users that are defined in the database itself.  While this may sound inconvenient, in practice, most apps use a single user to access the database, and it's not uncommon for multiple apps to share a user.  So, the list is typically short.</p>

<a name="mysqldbauth"/><h3>Database Auth</h3>

<p>If the database has a lot of users, or users are added, deleted, or updated regularly, then it might be inconvenient to maintain a duplicate list of users in the configuration file.  In this case, the <i>mysql_database</i> module can be used to authentication users directly against the database.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"mysql_database"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this configuration, SQL Relay initially logs in to the database as <i>mysqluser/mysqlpassword</i> as specified in the connection tag.  But each time a client connects, SQL Relay logs out and attempts to log back in as the user specified by the client, unless the user/password are the same as the current user.</p>

<p>For example, if a client initially connects using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font><font color="#993399">127.0</font><font color="#990000">.</font><font color="#993399">0.1</font> <font color="#990000">--</font>port<font color="#990000">=</font><font color="#993399">3307</font> <font color="#990000">--</font>user<font color="#990000">=</font>mysqluser <font color="#990000">--</font>password<font color="#990000">=</font>mysqlpassword</tt></pre>

</blockquote>
<p>...then SQL Relay doesn't need to log out and log back in.</p>

<p>But if the client then tries to connect using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font><font color="#993399">127.0</font><font color="#990000">.</font><font color="#993399">0.1</font> <font color="#990000">--</font>port<font color="#990000">=</font><font color="#993399">3307</font> <font color="#990000">--</font>user<font color="#990000">=</font>anotheruser <font color="#990000">--</font>password<font color="#990000">=</font>anotherpassword</tt></pre>

</blockquote>
<p>..then SQL Relay does need to log out and log back in.</p>

<p>A subsequent connection using <i>anotheruser/anotherpassword</i> won't require a re-login, but a subsequent connection using any other user/password will.</p>

<p>Though this module is convenient, it has two disadvantages.</p>

<ul>
  <li>Logging in and out of the database over and over partially defeats SQL Relay's persistent connection pooling.</li>
  <li>The mysql_database module requires that the MySQL/MariaDB client send it an unencrypted password.</li>
</ul>

<p>The second disadvantage may or may not be a problem, depending on how secure communications on your network need to be.  However, it may require reconfiguration (or modification) of your app to use the mysql_clear_password auth plugin.  For example, to send an unencrypted password from the mysql command line program:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font><font color="#993399">127.0</font><font color="#990000">.</font><font color="#993399">0.1</font> <font color="#990000">--</font>port<font color="#990000">=</font><font color="#993399">3307</font> <font color="#990000">--</font>user<font color="#990000">=</font>anotheruser <font color="#990000">--</font>password<font color="#990000">=</font>anotherpassword <font color="#990000">--</font><b><font color="#0000FF">default</font></b><font color="#990000">-</font>auth<font color="#990000">=</font>mysql_clear_password</tt></pre>

</blockquote>
<p>Another issue is that some MySQL and MariaDB distributions omit the necessary mysql_clear_password module.  For example, the distributions available in the default CentOS 6 and 7 repositories omit the module.  On these platforms, an alternative distribution of MySQL/MariaDB would have to be installed or built from source.</p>

<a name="mysqltls"/><h3>TLS/SSL Encryption and Authentication</h3>

<p>SQL Relay supports TLS/SSL encryption and authentication between the MySQL/MariaDB client and SQL Relay Server.</p>

<p>When TLS/SSL encryption and authentication is used:</p>

<ul>
  <li>All communications between the MySQL/MariaDB client and SQL Relay server are encrypted.</li>
  <li>MySQL/MariaDB clients and servers may optionally validate each other's certificates and identities.</li>
</ul>

<p>When using TLS/SSL encryption and authentication, at minimum, the SQL Relay server must be configured to load a certificate.  For highly secure production environments, this certificate should come from a trusted certificate authority.  In other environments the certificate may be self-signed, or even be borrowed from another server.</p>

<h3>Encryption Only</h3>

<p>The following configuration enables TLS/SSL encryption for an instance of SQL Relay:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3307"</font> <font color="#009900">tls</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">tlscert</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/sqlrserver.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<ul>
  <li>The <b>tls</b> attribute enables (or disables) TLS/SSL encryption.</li>
  <li>The <b>tlscert</b> attribute specifies the TLS/SSL certificate chain to use.</li>
  <ul>
    <li>(a .pem file is specified in this example, but on Windows systems, a .pfx file or Windows Certificate Store reference must be used. See <a href="tlscert.html">The tlscert Parameter</a> for details.)</li>
  </ul>

  <li>User list authentication is also used.  Other authentication methods are not currently supported with TLS/SSL.</li>
</ul>

<p>To start the instance on a Linux or Unix system, you must be logged in as a user that can read the file specified by the tlscert attribute.  If that criterium is met then the instance can be started using:</p>

<blockquote>
  <pre>sqlr-start -id example
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>The instance may be accessed as follows:</p>

<blockquote>
  <pre>mysql --host=sqlrserver --user=sqlruser --password=sqlrpassword --ssl
</pre>

</blockquote>
<p>(The "--ssl" option enables SSL/TLS encryption.  As MySQL predates TLS, and originally used SSL, it's various SSL/TLS-related options all still begin with "--ssl".)</p>

<p>This establishes a TLS/SSL-encrypted session but does not validate the server's certificate or identity.  The session will only continue if the server's certificate is is well-formed and hasn't expired, <b>but the client is still vulnerable to various attacks</b>.</p>

<h3>Certificate Validation</h3>

<p>For a more secure session, the client may validate that the server's certificate was signed by a trusted certificate authority, known to the system, as follows:</p>

<blockquote>
  <pre>mysql --host=sqlrserver --user=sqlruser --password=sqlrpassword --ssl-verify-server-cert
</pre>

</blockquote>
<p>(The --ssl option is not necessary in this invocation, as the --ssl-verify-server-cert option implies it.)</p>

<p>If the server's certificate is self-signed, then the certificate authority won't be known to the system, but it's certificate may be specified by the tlsca parameter as follows:</p>

<blockquote>
  <pre>mysql --host=sqlrserver --user=sqlruser --password=sqlrpassword --ssl-verify-server-cert --ssl-ca=/usr/local/firstworks/etc/myca.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>This establishes a TLS/SSL-encrypted session with the server and validates the server's certificate, but does not validate the server's identity.  The session will only continue if the server's certificate is valid, <b>but the client is still vulnerable to various attacks</b>.</p>

<p>Unfortunately, MySQL/MariaDB doesn't currently support host or domain name validation, so at present, the server's certificate can be validated, but the server's identity cannot.</p>

<h3>Mutual Authentication</h3>

<p>For an even more secure session, the server may also request a certificate from the client and validate the certificate.</p>

<p>The following configuration enables these checks for an instance of SQL Relay:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3307"</font>
				<font color="#009900">tls</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">tlscert</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/sqlrserver.pem"</font>
				<font color="#009900">tlsvalidate</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">tlsca</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/myca.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<ul>
  <li>The <b>tlsvalidate</b> attribute enables (or disables) validation that client's certificate was signed by a trusted certificate authority, known to the system, or as provided by the tlsca attribute.</li>
  <li>The <b>tlsca</b> attribute specifies a certificate authority to include when validating the client's certificate.  This is useful when validating self-signed certificates.</li>
  <ul>
    <li>(a .pem file is specified in this example, but on Windows systems, a .pfx file or Windows Certificate Store reference must be used. See <a href="tlsca.html">The tlsca Parameter</a> for details.)</li>
  </ul>

</ul>

<p>To access the instance, the client must provide, at minimum, a certificate chain file (containing the client's certificate, private key, and signing certificates, as appropriate), as follows:</p>

<blockquote>
  <pre>mysql --host=sqlrserver --user=sqlruser --password=sqlrpassword --ssl-cert=/usr/local/firstworks/etc/sqlrclient.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlscert.html">The tlscert Parameter</a> for details.)</p>

<p>In a more likely use case though, mutual authentication occurs - the client validates the server's certificate and the server validates the client's certificate, as follows:</p>

<blockquote>
  <pre>mysql --host=sqlrserver --user=sqlruser --password=sqlrpassword --ssl-cert=/usr/local/firstworks/etc/sqlrclient.pem --ssl-verify-server-cert --ssl-ca=/usr/local/firstworks/etc/myca.pem
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlscert.html">The tlscert Parameter</a> and <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>In this example, the client provides a certificate for the server to validate, validates the host's certificate against the provided certificate authority, and validates the host's identity against the provided host name.</p>

<p>SQL Relay can validate the client's certificate, and reject clients which present invalid certificates, but cannot yet authenticate the user via the Subject Alternative Name or Common Name presented in the certificate in lieu of a MySQL/MariaDB username.  As such, a username and password must still be supplied for authentication in this configuration.</p>

<h3>Performance Considerations</h3>

<p>While TLS/SSL authenticated and encrypted sessions are substantially more secure than standard SQL Relay sessions, several factors contribute to a performance penalty:</p>

<ul>
  <li>When establishing the secure session, a significant amount of data must be sent back and forth between the client and server over multiple network round-trips.</li>
  <li>Some TLS/SSL implementations impose a limit on the amount of data that can be sent or received at once, so more round trips may be required when processing queries.</li>
  <li>Without dedicated encryption hardware and a TLS/SSL implementation that supports it, the computation involved in encrypting and decrypting data can also introduce delays.</li>
</ul>

<p>Any kind of full session encryption should be used with caution in performance-sensitive applications.</p>

<a name="mysqlforeignbackend"/><h3>Foreign Backend</h3>

<p>Since SQL Relay supports a variety of database backends, the app can also be redirected to any of these databases, instead of the MySQL/MariaDB database it was originally written to use.</p>

<p>This is as simple as specifying a different database using the <i>dbase</i> attribute in the instance tag and specifying the appropriate database connection string in the <i>string</i> attribute of the connection tag.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, a MySQL frontend provides MySQL/MariaDB applications access to an Oracle backend database.</p>

<p>When targeting a foreign backend, some queries may have to be modified to use the syntax of the foreign database and some code may need to be changed, but a full rewrite of the app should not be necessary.</p>

<a name="mysqlspecialpurpose"/><h3>Special-Purpose Options</h3>

<h3>Mapping zero-scale DECIMAL to BIGINT</h3>

<p>When targeting a foreign backend...</p>

<p>Some backend databases, like Oracle, don't have integer types.  An integer type is really just a DECIMAL with a scale of 0.</p>

<p>By default, the MySQL frontend module maps zero-scale DECIMAL types to the MySQL DECIMAL type.  Buy you might want to map them to the MySQL BIGINT type instead.</p>

<p>The <i>zeroscaledecimaltobigint</i> option instructs the module to do this mapping.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font> <font color="#009900">zeroscaledecimaltobigint</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<h3>Mapping DATE to DATETIME</h3>

<p>When targeting a foreign backend...</p>

<p>Some backend databases, like Oracle, don't have separate DATE and DATETIME types.  Instead, they just have a DATE type, which can store date and time parts, and which parts are returned depend on a parameter like NLS_DATE_FORMAT.</p>

<p>By default, the MySQL frontend module maps the DATE type to the MySQL DATE type.  But, if you are using DATE type fields to store date/times and have the database configured to return date and time parts, then you might want the DATE type mapped to the MySQL DATETIME type.</p>

<p>The <i>datetodatetime</i> option instructs the module to do this mapping.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font> <font color="#009900">datetodatetime</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<h3>Supporting Older MariaDB JDBC Drivers</h3>

<p>Older MariaDB JDBC drivers had a bug related to fetching the server's capability flags, and would reliably throw a NullPointerException when attempting to connect.</p>

<p>(I'm not sure exactly what versions this bug is present in.  It's present in version 1.4.6, but fixed by 2.1.1.)</p>

<p>The <i>oldmariadbjdbcservercapabilitieshack</i> option instructs the module to return server capability flags that don't upset the old driver.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font> <font color="#009900">oldmariadbjdbcservercapabilitieshack</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<a name="mysqllimitations"/><h3>Limitations</h3>

<p>The implementation of the MySQL protocol is likely sufficient for most applications, but it isn't 100% complete.  Some notable limitations follow:</p>

<ul>
  <li>Only LATIN1_SWEDISH_CI and UTF8_GENERAL_CI character sets are supported.</li>
  <li>Only the mysql_native_password and mysql_clear_password authentication methods are supported.  Notably, mysql_old_password and authentication_windows_client are not supported.</li>
  <li>Multi-statement queries are not supported.</li>
  <li>mysql_change_user() is not supported.</li>
  <li>mysql_send_long_data() is not supported.</li>
  <li>mysql_info() will always returns NULL when used with SQL Relay.</li>
  <li>MYSQL_FIELD.org_name/org_name_length and MYSQL_FIELD.org_table/org_table_length are not supported.</li>
  <li>Kerberos authentication and encryption are not supported.</li>
</ul>

<p>Most of SQL Relay's core features are available when it is configured to speak the MySQL protocol, but there are a few incompatible configurations:</p>

<ul>
  <li>Since the listener tag is used to define which addresses, port, and socket to listen on, you should not configure any <i>addresses</i>, <i>port</i>, and <i>socket</i> attributes in the instance tag.</li>
  <li>Since the auth and user tags are used to load the authentication module and define users, you should not configure a users tag at all.  Nor should you configure an <i>authtier</i> attribute in the instance tag.</li>
  <li>As Kerberos authentication and encryption are not supported, you should not configure any attributes related to Kerberos in the instance tag.</li>
</ul>

<p>Otherwise, all other tags and attributes are compatbile.</p>

<br/><a name="postgresqlprotocol"/><h2>PostgreSQL Protocol</h2>

<p>SQL Relay can be configured to speak the native PostgreSQL protocol, enabling client programs for PostgreSQL (eg. the psql command line program) to access SQL Relay directly.</p>

<p>If an instance speaks the PostgreSQL client-server protocol, then any client that wishes to use it must also speak the PostgreSQL client-server protocol.  This means that most software written using the PostgreSQL API, or written using a database abstraction layer which loads a driver for PostgreSQL can access this instance.  However, it also means that SQL Relay's standard sqlrsh client program and client programs for other databases (eg. the psql, and sqlplus command line programs, MySQL Workbench, Oracle SQL Developer, SQL Server Management Studio, etc.) cannot access this instance.</p>

<a name="postgresqlconfiguration"/><h3>Basic Configuration</h3>

<p>To enable SQL Relay to speak the PostgreSQL protocol, add the appropriate listener tag:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5433"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this configuration:</p>

<ul>
  <li>The connection tag instructs the instance to log in to the <i>postgresqldb</i> database on host <i>postgresqlhost</i> as user <i>postgresqluser</i> with password <i>postgresqlpassword</i>.</li>
  <li>The listener tag instructs SQL Relay to load the <i>postgresql</i> protocol module, and listen on port 5433.</li>
</ul>

<p>The instance can be started using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>start <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>and accessed from the local machine using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>psql <font color="#990000">-</font><font color="#008080">h</font> localhost <font color="#990000">-</font>p <font color="#993399">5433</font> <font color="#990000">-</font>U sqlruser</tt></pre>

</blockquote>
<p>By default, SQL Relay listens on all available network interfaces, and can be accessed remotely by hostname.  For example, if the server running SQL Relay is named <i>sqlrserver</i> then it can be accessed from another system using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>psql <font color="#990000">-</font><font color="#008080">h</font> sqlrserver <font color="#990000">-</font>p <font color="#993399">5433</font> <font color="#990000">-</font>U sqlruser</tt></pre>

</blockquote>
<p>The instance can be stopped using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>stop <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>Since this instance speaks the PostgreSQL client-server protocol, any client that wishes to use it must also speak the PostgreSQL client-server protocol.  This means that most software written using the PostgreSQL API, or written using a database abstraction layer which loads a driver for PostgreSQL can access this instance.  However, it also means that SQL Relay's standard sqlrsh client program and client programs for other databases (eg. the mysql, and sqlplus command line programs, MySQL Workbench, Oracle SQL Developer, SQL Server Management Studio, etc.) cannot access this instance.</p>

<a name="postgresqllistener"/><h3>Listener Options</h3>

<p>In the example above, the instance is configured to listen on port 5433.  The MySQL/MariaDB database typically listens on port 5432, so port 5433 was chosen to avoid collisions with the database itself.</p>

<p>However, if SQL Relay is run on a different server than the database, then it can be configured to run on port 5432.  This is desirable when using SQL Relay as a transparent proxy.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>If the server has multiple network interfaces, SQL Relay can also be configured to listen on specific IP addresses.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">addresses</font><font color="#990000">=</font><font color="#FF0000">"192.168.1.50,192.168.1.51"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In the example above, it can be accessed on 192.168.1.50 and 192.168.1.51 but not on 127.0.0.1 (localhost).</p>

<p>It can also be configured to listen on a unix socket by adding a <i>socket</i> attribute to the listener tag.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/.s.PGSQL.5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>(Note that the user that SQL Relay runs as must be able to read and write to the path of the socket.)</p>

<p>If the socket option is specified but the port option is not, then SQL Relay will only listen on the socket.  If port and socket options are both specified then it listens on both.</p>

<a name="postgresqlauth"/><h3>Authentication/Encryption Options</h3>

<p>When using the PostgreSQL protocol, there are several options for controlling which users are allowed to access an instance of SQL Relay.</p>

<a name="postgresqlconnectstringsauth"/><h3>Connect Strings Auth</h3>

<p>The default authentication option is <i>connect strings</i> auth.</p>

<p>When connect strings authentication is used, a user is authenticated against the set of user/password combinations that SQL Relay is configured to use to access the database.  That is, they are the values of the user and password parameters of the string attribute of the connection tag.</p>

<p>In the following example, SQL Relay is configured to access the database using postgresqlsuer/postgresqlpassword credentials.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this case, clients would also use postgresqluser/postgresqlpassword credentials to access SQL Relay.</p>

<p>Though it is not necessary, it is possible to explicitly configure SQL Relay to load the <i>connect strings</i> auth module as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"postgresql_connectstrings"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<a name="postgresqluserlistauth"/><h3>User List Auth</h3>

<p>Another popular authentication option is <i>user list</i> auth.</p>

<p>When user list authentication is used, a user is authenticated against a static list of user/password combinations, which may be different than the user/password used that SQL Relay uses to access the database.</p>

<p>To enable user list auth, you must provide a list of user/password combinations, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"postgresql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"onepassword"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"anotherpassword"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"yetanotherpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>If you would prefer not to include passwords directly in the config file, then you can put them in external files, and enclose the full path of each file in square brackets as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"postgresql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/oneuser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/anotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[/usr/local/firstworks/etc/yetanotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example...</p>

<p>The contents of the file /usr/local/firsworks/etc/oneuser.pwd would be used to authenticate oneuser, and would contain the text:</p>

<blockquote>
  <pre>onepassword
</pre>

</blockquote>
<p>The contents of the file /usr/local/firsworks/etc/anotheruser.pwd would be used to authenticate anotheruser, and would contain the text:</p>

<blockquote>
  <pre>anotherpassword
</pre>

</blockquote>
<p>The contents of the file /usr/local/firsworks/etc/yetanotheruser.pwd would be used to authenticate yetanotheruser, and would contain the text:</p>

<blockquote>
  <pre>yetanotherpassword
</pre>

</blockquote>
<p>This approach is useful if you want to give the files containing the passwords more restrictive permissions than the config file itself, or possibly for other reasons.</p>

<p>( <b>NOTE:</b> Trailing whitespace is ignored when passwords are stored in external files.)</p>

<p>If you would prefer not to use full pathnames inside of each set of square brackets, then you can  specify a <i>passwordpath</i> attribute in the instance tag, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">passwordpath</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"postgresql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oneuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[oneuser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"anotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[anotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"yetanotheruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"[yetanotheruser.pwd]"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this case, the path /usr/local/firstworks/etc will be searched for the files oneuser.pwd, anotheruser.pwd, and yetanotheruser.pwd.</p>

<p>When using SQL Relay as a transparent proxy, it is desirable to define the same set of users that are defined in the database itself.  While this may sound inconvenient, in practice, most apps use a single user to access the database, and it's not uncommon for multiple apps to share a user.  So, the list is typically short.</p>

<p>If the database has a lot of users, or users are added, deleted, or updated regularly, then it might be inconvenient to maintain a duplicate list of users in the configuration file.  Unfortunately there isn't currently a <i>postgresql_database</i> auth module that can be used to auth users directly against the database, so for now this is the only option.</p>

<a name="postgresqltls"/><h3>TLS/SSL Encryption and Authentication</h3>

<p>SQL Relay supports TLS/SSL encryption and authentication between the PostgreSQL client and SQL Relay Server.</p>

<p>When TLS/SSL encryption and authentication is used:</p>

<ul>
  <li>All communications between the PostgreSQL client and SQL Relay server are encrypted.</li>
  <li>PostgreSQL clients and servers may optionally validate each other's certificates and identities.</li>
</ul>

<p>When using TLS/SSL encryption and authentication, at minimum, the SQL Relay server must be configured to load a certificate.  For highly secure production environments, this certificate should come from a trusted certificate authority.  In other environments the certificate may be self-signed, or even be borrowed from another server.</p>

<h3>Encryption Only</h3>

<p>The following configuration enables TLS/SSL encryption for an instance of SQL Relay:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5433"</font> <font color="#009900">tls</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">tlscert</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/sqlrserver.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<ul>
  <li>The <b>tls</b> attribute enables (or disables) TLS/SSL encryption.</li>
  <li>The <b>tlscert</b> attribute specifies the TLS/SSL certificate chain to use.</li>
  <ul>
    <li>(a .pem file is specified in this example, but on Windows systems, a .pfx file or Windows Certificate Store reference must be used. See <a href="tlscert.html">The tlscert Parameter</a> for details.)</li>
  </ul>

  <li>User list authentication is also used.  Other authentication methods are not currently supported with TLS/SSL.</li>
</ul>

<p>To start the instance on a Linux or Unix system, you must be logged in as a user that can read the file specified by the tlscert attribute.  If that criterium is met then the instance can be started using:</p>

<blockquote>
  <pre>sqlr-start -id example
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>The instance may be accessed as follows:</p>

<blockquote>
  <pre>PGSSLMODE=require psql -h sqlrserver -U sqlruser
</pre>

</blockquote>
<p>This establishes a TLS/SSL-encrypted session but does not validate the server's certificate or identity.  The session will only continue if the server's certificate is is well-formed and hasn't expired, <b>but the client is still vulnerable to various attacks</b>.</p>

<h3>Certificate Validation</h3>

<p>For a more secure session, the client may validate that the server's certificate was signed by a trusted certificate authority, known to the system, as follows:</p>

<blockquote>
  <pre>PGSSLMODE=verify-ca psql -h sqlrserver -U sqlruser
</pre>

</blockquote>
<p>If the server's certificate is self-signed, then the certificate authority won't be known to the system, but it's certificate may be specified by the tlsca parameter as follows:</p>

<blockquote>
  <pre>PGSSLMODE=verify-ca PGSSLROOTCERT=/usr/local/firstworks/etc/myca.pem psql -h sqlrserver -U sqlruser
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>This establishes a TLS/SSL-encrypted session with the server and validates the server's certificate, but does not validate the server's identity.  The session will only continue if the server's certificate is valid, <b>but the client is still vulnerable to various attacks</b>.</p>

<h3>Host Name Validation</h3>

<p>For a more secure session, the client may validate that the host name provided by the server's certificate matches the host name that the client meant to connect to, as follows:</p>

<blockquote>
  <pre>PGSSLMODE=verify-full PGSSLROOTCERT=/usr/local/firstworks/etc/myca.pem psql -h sqlrserver.firstworks.com -U sqlruser
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>Note that the fully qualified host name was provided.  Note also the use of the verify-full value for the PGSSLMODE environment variable.  With these parameters, in addition to validating that the server's certificate was signed by a trusted certificate authority, the host name will also be validated.  If the certificate contains Subject Alternative Names, then the host name will be compared to each of them.  If no Subject Alternative Names are provided then the host name will be compared to the certificate's Common Name.  The session will only continue if the sever's certificate and identity are both valid.</p>

<p>The PostgreSQL client only appears to support fully qualified host name validation.  It does not appear possible to instruct the client to only validate the domain portion of the host name.</p>

<h3>Mutual Authentication</h3>

<p>For an even more secure session, the server may also request a certificate from the client, validate the certificate, and optionally authenticate the client based on the host name provided by the certificate.</p>

<p>The following configuration enables these checks for an instance of SQL Relay:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5433"</font>
				<font color="#009900">tls</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">tlscert</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/sqlrserver.pem"</font>
				<font color="#009900">tlsvalidate</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">tlsca</font><font color="#990000">=</font><font color="#FF0000">"/usr/local/firstworks/etc/myca.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;db=postgresqldb;host=postgresqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<ul>
  <li>The <b>tlsvalidate</b> attribute enables (or disables) validation that client's certificate was signed by a trusted certificate authority, known to the system, or as provided by the tlsca attribute.</li>
  <li>The <b>tlsca</b> attribute specifies a certificate authority to include when validating the client's certificate.  This is useful when validating self-signed certificates.</li>
  <ul>
    <li>(a .pem file is specified in this example, but on Windows systems, a .pfx file or Windows Certificate Store reference must be used. See <a href="tlsca.html">The tlsca Parameter</a> for details.)</li>
  </ul>

  <li>User list authentication is also used.</li>
</ul>

<p>Note that no passwords are required in the user list.  In this configuration, the Subject Alternative Names in the client's certificate (or Common Name if no SAN's are present) are authenticated against the list of valid names.</p>

<p>Note also that when <b>tlsvalidate</b> is set to "yes", database and proxied authentication cannot currently be used.  This is because database and proxied authentication both require a user name and password but the client certificate doesn't provide either.</p>

<p>To access the instance, the client must provide, at minimum, a certificate chain file (containing the client's certificate, private key, and signing certificates, as appropriate), as follows:</p>

<blockquote>
  <pre>PGSSLMODE=verify-full PGSSLCERT=/usr/local/firstworks/etc/sqlrclient.pem PGSSLKEY=/usr/local/firstworks/etc/sqlrclient.pem psql -h sqlrserver.firstworks.com -U sqlruser
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlscert.html">The tlscert Parameter</a> for details.)</p>

<p>Note that the PGSSLCERT and PGSSLKEY parameters specify the same file.  psql requires that the client certificate and private key both be specified.  If the certificate file contains the key then the same file may be specified in both environment variables.  If the certificate and key are contained in separate files, then each may be specified individually.</p>

<p>In a more likely use case though, mutual authentication occurs - the client validates the server's certificate and the server validates the client's certificate, as follows:</p>

<blockquote>
  <pre>PGSSLMODE=verify-full PGSSLCERT=/usr/local/firstworks/etc/sqlrclient.pem PGSSLKEY=/usr/local/firstworks/etc/sqlrclient.pem PGSSLROOTCERT=/usr/local/firstworks/etc/myca.pem psql -h sqlrserver.firstworks.com -U sqlruser
</pre>

</blockquote>
<p>(.pem files are specified in this example, but on Windows systems, .pfx file or Windows Certificate Store references must be used.  See <a href="tlscert.html">The tlscert Parameter</a> and <a href="tlsca.html">The tlsca Parameter</a> for details.)</p>

<p>In this example, the client provides a certificate for the server to validate, validates the host's certificate against the provided certificate authority, and validates the host's identity against the provided host name.</p>

<p>SQL Relay can validate the client's certificate, and reject clients which present invalid certificates, but cannot yet authenticate the user via the Subject Alternative Name or Common Name presented in the certificate in lieu of a PostgreSQL username.  As such, a username and password must still be supplied for authentication in this configuration.</p>

<h3>Performance Considerations</h3>

<p>While TLS/SSL authenticated and encrypted sessions are substantially more secure than standard SQL Relay sessions, several factors contribute to a performance penalty:</p>

<ul>
  <li>When establishing the secure session, a significant amount of data must be sent back and forth between the client and server over multiple network round-trips.</li>
  <li>Some TLS/SSL implementations impose a limit on the amount of data that can be sent or received at once, so more round trips may be required when processing queries.</li>
  <li>Without dedicated encryption hardware and a TLS/SSL implementation that supports it, the computation involved in encrypting and decrypting data can also introduce delays.</li>
</ul>

<p>Any kind of full session encryption should be used with caution in performance-sensitive applications.</p>

<a name="postgresqlforeignbackend"/><h3>Foreign Backend</h3>

<p>Since SQL Relay supports a variety of database backends, the app can also be redirected to any of these databases, instead of the PostgreSQL database it was originally written to use.</p>

<p>This is as simple as specifying a different database using the <i>dbase</i> attribute in the instance tag and specifying the appropriate database connection string in the <i>string</i> attribute of the connection tag.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, a PostgreSQL frontend provides PostgreSQL applications access to an Oracle backend database.</p>

<p>When targeting a foreign backend, some queries may have to be modified to use the syntax of the foreign database and some code may need to be changed, but a full rewrite of the app should not be necessary.</p>

<a name="postgresqllimitations"/><h3>Limitations</h3>

<p>The implementation of the PostgreSQL protocol is likely sufficient for most applications, but it isn't 100% complete.  Some notable limitations follow:</p>

<ul>
  <li>Kerberos authentication and encryption are not supported.</li>
  <li>Multi-statement queries are not supported.</li>
</ul>

<p>Most of SQL Relay's core features are available when it is configured to speak the PostgreSQL protocol, but there are a few incompatible configurations:</p>

<ul>
  <li>Since the listener tag is used to define which addresses, port, and socket to listen on, you should not configure any <i>addresses</i>, <i>port</i>, and <i>socket</i> attributes in the instance tag.</li>
  <li>Since the auth and user tags are used to load the authentication module and define users, you should not configure a users tag at all.  Nor should you configure an <i>authtier</i> attribute in the instance tag.</li>
  <li>Database-authentication (authenticating users directly against the database) is not currently supported.</li>
  <li>As Kerberos authentication and encryption are not supported, you should not configure any attributes related to Kerberos in the instance tag.</li>
</ul>

<p>Otherwise, all other tags and attributes are compatbile.</p>

<br/><a name="multipleprotocols"/><h2>Multiple Protocols</h2>

<p>A single instance of SQL Relay can also be configured to speak multiple protocols, granting access to the same database to applications which speak SQLRClient, MySQL, and/or PostgreSQL.</p>

<a name="multiprotocolconfiguration"/><h3>Basic Configuration</h3>

<p>To enable SQL Relay to speak multiple protocols, add the appropriate listener tags:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9000"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this configuration:</p>

<ul>
  <li>The connection tag instructs the instance to log in to the <i>orcl</i> <i>oracle</i> database as user <i>scott</i> with password <i>tiger</i>.</li>
  <li>The first listener tag instructs SQL Relay to load the <i>sqlrclient</i> and listen on port 9000 (the default SQL Relay port) for native SQL Relay clients.</li>
  <li>The second listener tag instructs SQL Relay to load the <i>mysql</i> and listen on port 3306 (the default MySQL port) for MySQL clients.</li>
  <li>The third listener tag instructs SQL Relay to load the <i>postgresql</i> and listen on port 5432 (the default PostgreSQL port) for PostgreSQL clients.</li>
</ul>

<p>The instance can be started using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>start <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>and accessed from the local machine using the native SQL Relay command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlrsh <font color="#990000">-</font><font color="#008080">host</font> localhost <font color="#990000">-</font><font color="#008080">user</font> scott <font color="#990000">-</font>password tiger</tt></pre>

</blockquote>
<p>or from the local machine using the MySQL command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font><font color="#993399">127.0</font><font color="#990000">.</font><font color="#993399">0.1</font> <font color="#990000">--</font>user<font color="#990000">=</font>scott <font color="#990000">--</font>password<font color="#990000">=</font>tiger</tt></pre>

</blockquote>
<p>or from the local machine using the PostgreSQL command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>psql <font color="#990000">-</font><font color="#008080">h</font> localhost <font color="#990000">-</font>U scott</tt></pre>

</blockquote>
<p>By default, SQL Relay listens on all available network interfaces, and can be accessed remotely by hostname.  For example, if the server running SQL Relay is named <i>sqlrserver</i> then it can be accessed from another system using the native SQL Relay command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlrsh <font color="#990000">-</font><font color="#008080">host</font> sqlrserver <font color="#990000">-</font><font color="#008080">user</font> scott <font color="#990000">-</font>password tiger</tt></pre>

</blockquote>
<p>or using the MySQL command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font>sqlrserver <font color="#990000">--</font>user<font color="#990000">=</font>scott <font color="#990000">--</font>password<font color="#990000">=</font>tiger</tt></pre>

</blockquote>
<p>or using the PostgreSQL command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>psql <font color="#990000">-</font><font color="#008080">h</font> sqlrserver <font color="#990000">-</font>U scott</tt></pre>

</blockquote>
<p>The instance can be stopped using:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlr<font color="#990000">-</font>stop <font color="#990000">-</font>id example</tt></pre>

</blockquote>
<p>Since this instance speaks the SQLRClient, MySQL, and PostgreSQL client-server protocols, clients that wish to use it may speak any of those client-server protocol.  This means that most software written using the SQL Relay, MySQL, or PostgreSQL APIs, or written using a database abstraction layer which loads a driver for SQL Relay, MySQL, or PostgreSQL can access this instance.  However, client programs for other databases (eg. the sqlplus command line programs, Oracle SQL Developer, SQL Server Management Studio, etc.) cannot access this instance.</p>

<p>In this example, a frontend that supports MySQL and PostgreSQL protocols provides access to an Oracle backend database.  As such some queries may have to be modified from their native MySQL and PostgreSQL syntax to use the syntax of the Oracle database.</p>

<a name="multiprotocollistener"/><h3>Listener Options</h3>

<p>When configured to support multiple protocols, each listener may be configured with the full set of attributes available for that protocol module.</p>

<p>For example:</p>

<ul>
  <li>All modules support the host, port, and addresses attributes.</li>
  <li>All modules support the various tls attributes.</li>
  <li>The sqlrclient module supports the various krb attributes, but other modules do not.</li>
</ul>

<a name="multiprotocolauth"/><h3>Authentication/Encryption Options</h3>

<p>The default authentication option is <i>connect strings</i> auth.  This option works the same as it does when SQL Relay is configured to use a single protocol - a user is authenticated against the set of user/password combinations that SQL Relay is configured to use to access the database.</p>

<p>However, other auth modules can also be used.  Each auth module knows to work with the corresponding protocol module.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9000"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"3306"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">protocol</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"5432"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"sqlrpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"mysql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"mysqluser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"mysqlpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"postgresql_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"postgresluser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"postgresqlpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example:</p>

<ul>
  <li>Native SQL Relay clients will be authenticated using the the sqlrclient_userlist auth module.</li>
  <li>MySQL clients will be authenticated using the the mysql_userlist auth module.</li>
  <li>PostgreSQL clients will be authenticated using the the postgresql_userlist auth module.</li>
</ul>

<p>It can accessed from the local machine using the native SQL Relay command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sqlrsh <font color="#990000">-</font><font color="#008080">host</font> localhost <font color="#990000">-</font><font color="#008080">user</font> sqlruser <font color="#990000">-</font>password sqlrpassword</tt></pre>

</blockquote>
<p>or from the local machine using the MySQL command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>mysql <font color="#990000">--</font>host<font color="#990000">=</font><font color="#993399">127.0</font><font color="#990000">.</font><font color="#993399">0.1</font> <font color="#990000">--</font>user<font color="#990000">=</font>mysqluser <font color="#990000">--</font>password<font color="#990000">=</font>mysqlpassword</tt></pre>

</blockquote>
<p>or from the local machine using the PostgreSQL command line client, as follows:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>psql <font color="#990000">-</font><font color="#008080">h</font> localhost <font color="#990000">-</font>U postgresqluser</tt></pre>

</blockquote>
<hr/>

<br/><a name="ha"/><h1>High Availabiltiy</h1>

<p>In a high availability environment, SQL Relay can be deployed as a front-end to provide load-balancing and fail-over for a set of replicated database servers or database cluster.  Load-balancing and fail-over can also be implemented over multiple SQL Relay servers.</p>

<br/><a name="cluster"/><h2>Load-Balancing and Fail-Over With Replicated Databases or Database Clusters</h2>

<p>In a database cluster or replication environment, SQL Relay can be configured to maintain a pool of connections to the various database nodes and distribute client sessions over the nodes.  If an individual node fails, SQL Relay will attempt to reestablish connections to that node, while continuing to distribute client sessions over the remaining nodes.</p>

<table>
  <tr>
    <td><img src="../images/cluster.png"/>
</td>
    <td><img style="padding-left: 40px; " src="../images/replicated.png"/>
</td>
  </tr>
</table>

<p>In the configuration file, each connection tag defines a node to maintain connections to.  In the following example, SQL Relay is configured to distribute over three Oracle nodes - orcl1, orcl2, and orcl3</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl1"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl2"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl3"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Any number of connection tags may be defined.</p>

<p>SQL Relay also supports disproportionate distribution of load. If some nodes can handle more traffic than others, then SQL Relay can be configured to send more traffic to the more capable nodes.</p>

<p><img src="../images/replicated-disproportionate.png"/></p>

<p>SQL Relay uses the connection tag's metric attribute to decide how many connections to open to each node.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl1"</font> <font color="#009900">metric</font><font color="#990000">=</font><font color="#FF0000">"5"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl2"</font> <font color="#009900">metric</font><font color="#990000">=</font><font color="#FF0000">"15"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl3"</font> <font color="#009900">metric</font><font color="#990000">=</font><font color="#FF0000">"30"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The metric attribute doesn't specify the number of connections to open to each node, but the higher the metric relative to the other metrics, the more connections to that node will be opened and maintained.  For example, if the metric for the first node is twice as large as the metric for the second node, then SQL Relay will open twice as many connections to the first node as the second.</p>

<p>In the example above, 15 is 3 times 5, so 3 times as many connections will be opened to orcl2 as to orcl1.  30 is 6 times 5, so 6 times as many connections will be opened to orcl3 as orcl1.  Since a total of 10 connections will be opened, 1 will be opened to orcl1, 3 to orcl2, and 6 to orcl2.</p>

<br/><a name="rac"/><h2>Already-Load-Balanced Databases</h2>

<p>In a typical database cluster or replicated environment, the nodes are identifiable as separate hosts.  However, when the nodes are located behind a load-balancing appliance or running on an application cluster, such as Oracle RAC, SQL Relay cannot identity an individual node.</p>

<p>In these environments, if a node goes down, SQL Relay will attempt to re-establish the connection, but rather than failing until the node comes back up, the new connection will more likely just succeed to a different node in the cluster.  Over time, this can lead to disproportionate load-balancing, with a bias toward nodes that have never gone down.</p>

<p>SQL Relay manages this by "shuffling" the connections periodically.  Every so often, each database connection is re-established, giving that connection a chance to be re-established to a node that may have gone down but is now back up.</p>

<p>To indicate to SQL Relay that the nodes are already-load-balanced, and need to be "shuffled" periodically, only one connection tag should be used, with the behindloadbalancer attribute set to "yes".</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orclrac"</font> <font color="#009900">behindloadbalancer</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<br/><br/><a name="masterslave"/><h2>Master-Slave Query Routing</h2>

<p>The load-balancing scenarios described above all assume that master-master replication is being used.  SQL Relay supports master-slave replication as well.</p>

<p>In a master-slave replication environment, SQL Relay can be configured to route DML and DDL queries to the master and distribute selects over the slaves.</p>

<p><img src="../images/router.png"/></p>

<p>This actually requires 3 instances of SQL Relay.  One to connect to the master, one to connect to the slaves, and a third to route queries to the first two.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

        <i><font color="#9A1900">&lt;!-- This instance maintains connections to the "master" MySQL database</font></i>
<i><font color="#9A1900">                on the masterdb machine.  This instance only listens on the</font></i>
<i><font color="#9A1900">                unix socket /tmp/master.socket and thus cannot be connected to</font></i>
<i><font color="#9A1900">                by clients from another machine. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"master"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/master.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=masteruser;password=masterpassword;host=masterdb;db=master;"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance maintains connections to 4 "slave" MySQL databases</font></i>
<i><font color="#9A1900">                on 4 slave machines.  This instance only listens on the unix</font></i>
<i><font color="#9A1900">                socket /tmp/slave.socket and thus cannot be connected to by</font></i>
<i><font color="#9A1900">                clients from another machine. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"slave"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/slave.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb1;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb2;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb3;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb3;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance sends DML (insert,update,delete) and</font></i>
<i><font color="#9A1900">                DDL (create/delete) queries to the "master" SQL Relay instance</font></i>
<i><font color="#9A1900">                which, in turn, sends them to the "master" database.</font></i>
<i><font color="#9A1900">                This instance sends any other queries to the "slave" SQL Relay</font></i>
<i><font color="#9A1900">                instance which, in turn, distributes them over the "slave"</font></i>
<i><font color="#9A1900">                databases. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"routeruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"routerpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
                        <i><font color="#9A1900">&lt;!-- send all DML/DDL queries to "master"  --&gt;</font></i>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^drop "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^create "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^insert "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^update "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^delete "</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
                        <i><font color="#9A1900">&lt;!-- send all other queries to "slave" --&gt;</font></i>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">".*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/master.socket;user=masteruser;password=masterpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/slave.socket;user=slaveuser;password=slavepassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The first two instances use familiar configuration options, but the third uses a dbtype of "router" and uses router tags to define query routing rules.</p>

<p>(Note the <i>module</i> attribute of the router tag.  SQL Relay is highly modular, and many advanced features, including query routing, are implemented by loadable modules.)</p>

<p>(Note also the use of a notifications tag.  See <a href="#notifications">Notifications</a> below for more information.)</p>

<p>Each router tag defines a connectionid to send the query to and a set of regular expression patterns to match.  Queries that match the set of patterns defined in the pattern tags are sent to the instance of SQL Relay designated by the connectionid in the router tag.</p>

<p>The three instances can be started using:</p>

<blockquote>
  <pre>sqlr-start -id master
sqlr-start -id slave
sqlr-start -id router
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>Client applications should connect to the router instance rather than the master or slave instances.</p>

<blockquote>
  <pre>sqlrsh -host sqlrserver -user routeruser -password routerpassword
</pre>

</blockquote>
<br/><br/><a name="frontendlb"/><h2>Front-End Load-Balancing and Fail-Over</h2>

<p>If you are building out a high availability environment, or if your pool of application servers is just sufficiently large, you might want to set up a pool of SQL Relay servers between your application servers and the database.</p>

<p>SQL Relay supports two front-end load-balancing and fail-over strategies.  In the first strategy, load-balancing and fail-over are provided by an appliance or application cluster.  In the second, SQL Relay provides its own load-balancing and fail-over, with some help from DNS.</p>

<p>Multiple instances of SQL Relay can be placed behind a load-balancing appliance.</p>

<p><img src="../images/loadbalancer.png"/></p>

<p>In this illustration, the load-balancing appliance is shown as a single machine, but in a true HA environment, there would be 2 or more appliances sharing a virtual IP.  Alternatively, rather than using an appliance, SQL Relay can be run on an application server cluster such as Linux Virtual Server.</p>

<p><a target="_blank" href="http://en.wikipedia.org/wiki/Round-robin_DNS">Round-robin DNS</a> can be also be used to provide load-balancing and fail-over over multiple SQL Relay servers.</p>

<p><img src="../images/rrdns.png"/></p>

<p>In a round-robin DNS scenario, multiple IP addresses are assigned to the same host name.  The SQL Relay client is then configured to connect to that host.  When it requests the IP addresses for the host, the client receives all of the IP addresses assigned to it, rather than just a single address.</p>

<p>Round-robin DNS is so-called because, traditionally, the order of the IP addresses returned on successive requests alternated reliably, in round-robin fashion.  This behavior persists in many environments, but it is no longer guaranteed, as many modern DNS resolvers sort the list and return the IP addresses in the same order, every time.  SQL Relay clients randomize the list though, and try to connect to each of the IP addresses, one-at-a-time, until they succeed.  Doing so provides both load-balancing and fail-over without requiring an appliance or application server cluster.</p>

<hr/>

<br/><a name="security"/><h1>Security Features</h1>

<p>SQL Relay offers several features to enhance security.</p>

<br/><a name="frontendencryption"/><h2>Front-End Encryption and Secure Authentication</h2>

<p>When configured to use the SQLRClient front-end protocol (the default), SQL Relay supports <a href="#sqlrclientkrb">Kerberos and Active Directory Encryption and Authentication</a> and <a href="#sqlrclienttls">TLS/SSL Encryption and Authentication</a> between the SQL Relay client and SQL Relay server.</p>

<p>When configured to use the MySQL or PostgreSQL front-end protocols, SQL Relay supports TLS/SSL encryption and authentication between the SQL Relay client and SQL Relay server.  See <a href="#mysqltls">MySQL TLS/SSL Encryption and Authentication</a> and <a href="#postgresqltls">PostgreSQL TLS/SSL Encryption and Authentication</a> for details.</p>

<br/><a name="backendencryption"/><h2>Back-End Encryption and Secure Authentication</h2>

<p>SQL Relay also supports TLS/SSL Encryption and Authentication between the SQL Relay server and some databases.</p>

<p>The configuration details differ between databases though.</p>

<br/><a name="backendenc-oracle"/><h2>Oracle</h2>

<p>Modern Oracle databases support the following TLS/SSL features:</p>

<ul>
  <li>Encryption</li>
  <li>Certificate Validation</li>
  <li>Distinguished Name Validation</li>
  <li>Mutual Authentication</li>
</ul>

<p>Configuring SQL Relay to use TLS/SSL encryption and authentication with an Oracle database involves:</p>

<ul>
  <li>Configuring SQL*Net on the database server to support secure connections</li>
  <li>Configuring SQL*Net on the SQL Relay server to support secure connections</li>
  <li>Telling SQL Relay to use an oracle_sid that refers to a secure connection</li>
</ul>

<p>Most of the configuration on the SQL Relay server is done outside of SQL Relay itself.</p>

<p>Configuring SQL*Net involves setting up Oracle Wallets, which is a relatively complex process.  See <a target="_blank" href="http://software.firstworks.com/p/oracle-tlsssl-encryption-tutorials.html">Oracle TLS/SSL Encryption Tutorials</a> for more information.  Once that is done though, the SQL Relay configuration is relatively simple.</p>

<p>In this example, orcltls refers to a TLS/SSL-secured entry in the tnsnames.ora file (usually $ORACLE_HOME/network/admin/tnsnames.ora):</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_home=/u01/app/oracle/product/12.1.0;oracle_sid=orcltls"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, there is no tnsnames.ora file, so the oracle_sid is set directly to a tnsnames-style expression that describes a TLS/SSL-secured connection:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=(DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = examplehost)(PORT = 2484)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)))"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Note the TCPS protocol and port 2848.  Also note that the SERVICE_NAME is still set to orcl, rather than orcltls.</p>

<p>This example adds distinguished name validation:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=(DESCRIPTION = (ADDRESS = (PROTOCOL = TCPS)(HOST = examplehost)(PORT = 2484)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl)) (SECURITY = (SSL_SERVER_CERT_DN = "</font><font color="#009900">CN</font><font color="#990000">=</font><font color="#FF0000">examplehost.yourdomain.com")))"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this case, the database server's certificate is expected to present the distinguished name: CN=examplehost.yourdomain.com</p>

<br/><a name="backendenc-mssql-freetds"/><h2>Microsoft SQL Server (via FreeTDS)</h2>

<p>Modern Microsoft SQL Server databases support the following TLS/SSL features:</p>

<ul>
  <li>Encryption</li>
  <li>Certificate Validation</li>
  <li>Common Name Validation</li>
</ul>

<p>Microsoft SQL Server does not support Mutual Authentication over TLS/SSL.</p>

<p>Configuring SQL Relay to use TLS/SSL encryption and authentication with a Microsoft SQL Server database via FreeTDS involves:</p>

<ul>
  <li>Installing a certificate and key on the database server</li>
  <li>Configuring FreeTDS on the SQL Relay server to support secure connections</li>
  <li>Telling SQL Relay to use a FreeTDS server entry that refers to a secure connection</li>
</ul>

<p>Modern Microsoft SQL Server databases support encryption by default, and enable it upon request.  However, a certificate must be installed on the database server to support authentication.  This process can be tricky because SQL Server places some specific requirements on the certificate:</p>

<ul>
  <li>The common name MUST match the fully qualified domain name of the database server (host name + primary DNS suffix).</li>
  <ul>
    <li>...but Windows servers are commonly configured without a primary DNS suffix.</li>
  </ul>

  <li>The Enhanced Key Usage property MUST include Server Authentication.</li>
  <ul>
    <li>Or, in openssl terms: the extendedKeyUsage extension must include serverAuth in the extfile used to generate the certificate signing request.</li>
  </ul>

</ul>

<p>See <a target="_blank" href="http://software.firstworks.com/p/tlsssl-encryption-with-ms-sql-server.html">TLS/SSL Encryption with MS SQL Server and FreeTDS</a> for more information.</p>

<p>Most of the configuration on the SQL Relay server is done outside of SQL Relay itself, in the freetds.conf file (usually /etc/freetds.conf or /usr/local/etc/freetds.conf).</p>

<p>In this example, FreeTDS is configured to require an encrypted connection to the database:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>FREETDSSERVER<font color="#990000">]</font>
	host <font color="#990000">=</font> examplehost
	port <font color="#990000">=</font> <font color="#993399">1433</font>
	<font color="#008080">tds</font> version <font color="#990000">=</font> <font color="#993399">7.1</font>
	<font color="#008080">client</font> charset <font color="#990000">=</font> UTF<font color="#990000">-</font><font color="#993399">8</font>
	encryption <font color="#990000">=</font> require</tt></pre>

</blockquote>
<p>Note that the tds version is 7.1 or higher.  Version 7.0 doesn't support encryption.</p>

<p>In this example, FreeTDS is also configured to validate the database server's certificate against the CA cert /etc/ca.pem (but does not validate the common name):</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>FREETDSSERVER<font color="#990000">]</font>
	host <font color="#990000">=</font> examplehost
	port <font color="#990000">=</font> <font color="#993399">1433</font>
	<font color="#008080">tds</font> version <font color="#990000">=</font> <font color="#993399">7.1</font>
	<font color="#008080">client</font> charset <font color="#990000">=</font> UTF<font color="#990000">-</font><font color="#993399">8</font>
	encryption <font color="#990000">=</font> require
	<font color="#008080">ca</font> file <font color="#990000">=</font> <font color="#990000">/</font>etc<font color="#990000">/</font>ca<font color="#990000">.</font>pem
	check <font color="#008080">certificate</font> hostname <font color="#990000">=</font> no</tt></pre>

</blockquote>
<p>In this example, FreeTDS is also configured to validate that the common name in the database server's certificate matches the database server's host name:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">[</font>FREETDSSERVER<font color="#990000">]</font>
	host <font color="#990000">=</font> examplehost<font color="#990000">.</font>yourdomain<font color="#990000">.</font>com
	port <font color="#990000">=</font> <font color="#993399">1433</font>
	<font color="#008080">tds</font> version <font color="#990000">=</font> <font color="#993399">7.1</font>
	<font color="#008080">client</font> charset <font color="#990000">=</font> UTF<font color="#990000">-</font><font color="#993399">8</font>
	encryption <font color="#990000">=</font> require
	<font color="#008080">ca</font> file <font color="#990000">=</font> <font color="#990000">/</font>etc<font color="#990000">/</font>ca<font color="#990000">.</font>pem
	check <font color="#008080">certificate</font> hostname <font color="#990000">=</font> yes</tt></pre>

</blockquote>
<p>Note that the host parameter has been updated to specify a fully qualified domain name.  This is the value that the common name will be compared to.</p>

<p>The SQL Relay configuration is no different than the configuration for an insecure connection.  In this example, FREETDSSERVER refers to the FreeTDS FREETDSSERVER entry configured above:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"freetds"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"server=FREETDSSERVER;user=freetdsuser;password=freetdspassword;db=freetdsdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<br/><br/><a name="backendenc-mysql"/><h2>MySQL/MariaDB</h2>

<p>Modern MySQL/MariaDB databases support the following TLS/SSL features:</p>

<ul>
  <li>Encryption</li>
  <li>Certificate Validation</li>
  <li>Common Name Validation</li>
</ul>

<p>MySQL/MariaDB does not support Mutual Authentication over TLS/SSL.</p>

<p>Configuring SQL Relay to use TLS/SSL encryption and authentication with a MySQL/MariaDB database involves:</p>

<ul>
  <li>Installing a certificate and key on the database server</li>
  <li>Configuring the SQL Relay server to support encryption and/or authentication</li>
  <li>Installing CA certs and revocation lists, as necessary, on the SQL Relay server</li>
</ul>

<p>MySQL/MariaDB has supported TLS/SSL encryption and authentication since version 4.0, and encryption has been enabled by default since version 5.7.  Older versions require host configuration to enable encryption though, and a certificate must be installed on the database server to support authentication.  See <a target="_blank" href="https://dev.mysql.com/doc/refman/5.7/en/encrypted-connections.html">Using Encrypted Connections</a> for more information.</p>

<p>On the SQL Relay server, most of the configuration is done in the SQL Relay configuration file, in the string attribute of the connection tag.</p>

<p>The following example requires an encrypted connection:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;host=mysqlhost;db=mysqldb;sslmode=require"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The following connection string options are supported:</p>

<ul>
  <li><b>sslmode</b> - The ssl mode of the connection.</li>
  <ul>
    <li>disable - Don't use an encrypted connection.</li>
    <li>prefer - Use an encrypted connection if the database supports it.</li>
    <li>require - Require an encrypted connection.</li>
    <li>verify-ca - Require an encrypted connection and validate the server's certificate.</li>
    <li>verify-full - Require an encrypted connection, validate the server's certificate, and validate that the common name in the server's certificate matches the server's host name.</li>
  </ul>

  <li><b>tlsversion</b> - the TLS version to use</li>
  <ul>
    <li>TLSv1</li>
    <li>TLSv1.1</li>
    <li>TLSv1.2</li>
    <li>Any more recent version of TLS, as supported by and enabled in the underlying MySQL/MariaDB client/server.</li>
    <li>If left blank or omitted, then the highest supported version is negotiated.</li>
  </ul>

  <li><b>sslkey</b> - The full path name of an ssl key file (eg. /etc/certs/key.pem).</li>
  <li><b>sslcert</b> - The full path name of an ssl certificate file (eg. /etc/certs/cert.pem).</li>
  <li><b>sslcipher</b> - A list of permissable ciphers to use for SSL encryption.  Only necessary if you want to restrict which cipers to use.</li>
  <li><b>sslca</b> - The full path name of an SSL CA certificate to add to the list of trusted CA certificates to validate the host's certificate against (eg. /etc/certs/ca.pem).</li>
  <li><b>sslcapath</b> - The full path name to a directory that contains a set of trusted SSL CA certificates to add to the list of trusted CA certificates to validate the host's certificate against (eg. /etc/certs/ca).</li>
  <li><b>sslcrl</b> - The full path name of an SSL certificate revocation list (eg. /etc/certs/crl.pem).</li>
  <li><b>sslcrlpath</b> - The full path name of a directory that contains a set of SSL certificate revocation lists (eg. /etc/certs/crl).</li>
</ul>

<p>The following example also validates the database server's certificate against the CA cert /etc/ca.pem (but does not validate the common name):</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;host=mysqlhost;db=mysqldb;sslmode=verify-ca;sslca=/etc/ca.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The following example also validates that the common name in the database server's certificate matches the database server's host name:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;host=mysqlhost.yourdomain.com;db=mysqldb;sslmode=verify-full;sslca=/etc/ca.pem"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Note that the host parameter has been updated to specify a fully qualified domain name.  This is the value that the common name will be compared to.</p>

<br/><a name="backendenc-postgresql"/><h2>PostgreSQL</h2>

<p>Modern PostgreSQL databases support the following TLS/SSL features:</p>

<ul>
  <li>Encryption</li>
  <li>Certificate Validation</li>
  <li>Common Name Validation</li>
  <li>Mutual Authentication</li>
</ul>

<p>Configuring SQL Relay to use TLS/SSL encryption and authentication with a PostgreSQL database involves:</p>

<ul>
  <li>Configuring the database server to support secure connections</li>
  <li>Installing a certificate on the database server</li>
  <li>Configuring the SQL Relay server to support secure connections</li>
  <li>Installing a certificate on the SQL Relay server</li>
  <li>Configuring the database server to support encryption and/or authentication</li>
  <li>Installing certificate, key, CA certs, and revocation lists, as necessary, on the database server</li>
  <li>Configuring the SQL Relay server to support encryption and/or authentication</li>
  <li>Installing certificate, key, CA certs, and revocation lists, as necessary, on the SQL Relay server</li>
</ul>

<p>PostgreSQL has supported TLS/SSL encryption and authentication since at least version 7.1.  Enabling encryption and/or authentication is straightforward.  See <a target="_blank" href="https://www.postgresql.org/docs/9.6/static/ssl-tcp.html">Secure TCP/IP Connections with SSL</a> for more information.</p>

<p>On the SQL Relay server, most of the configuration is done by adding an <b>sslmode</b> parameter to the string attribute of the connection tag, in the SQL Relay configuration file.</p>

<p>The following example requires an encrypted connection:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;host=postgresqlhost;db=postgresqldb;sslmode=require"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The following <b>sslmode</b> options are supported:</p>

<ul>
  <li>disable - Don't use an encrypted connection.</li>
  <li>allow - Allow an encrypted connection if the database supports it.</li>
  <li>prefer - Use an encrypted connection if the database supports it.</li>
  <li>require - Require an encrypted connection.</li>
  <li>verify-ca - Require an encrypted connection and validate the server's certificate.</li>
  <li>verify-full - Require an encrypted connection, validate the server's certificate, and validate that the common name in the server's certificate matches the server's host name.</li>
</ul>

<p>If <b>sslmode</b> is set to any value other than disable, then certificate and key files must be present as:</p>

<ul>
  <li>~/.postgresql/postgresql.crt</li>
  <li>~/.postgresql/postgresql.key</li>
</ul>

<p>(where ~/ refers to the home directory of the user that sqlrelay is configured to run as)</p>

<p>If <b>sslmode</b> is set to verify-ca or verify-full then a CA cert file must be present as:</p>

<ul>
  <li>~/.postgresql/root.crt</li>
</ul>

<p>Optionally, a certificate revocation list may also be present as:</p>

<ul>
  <li>~/.postgresql/root.crl</li>
</ul>

<p>See <a target="_blank" href="http://www.postgresql.org/docs/devel/static/libpq-ssl.html#LIBPQ-SSL-FILE-USAGE">SSL Client File Usage</a> for more information about file names and locations.</p>

<p>The following example also validates the database server's certificate (but does not validate the common name):</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;host=postgresqlhost;db=postgresqldb;sslmode=verify-ca"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The following example also validates that the common name in the database server's certificate matches the database server's host name:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqluser;password=postgresqlpassword;host=postgresqlhost.yourdomain.com;db=postgresqldb;sslmode=verify-full"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Note that the host parameter has been updated to specify a fully qualified domain name.  This is the value that the common name will be compared to.</p>

<br/><a name="runas"/><h2>Run-As User and Group</h2>

<p>When a non-root user runs sqlr-start, the SQL Relay server runs as that user and as the primary group of that user.</p>

<p>When root runs sqlr-start, the SQL Relay server runs as a more secure user and group, usually nobody/nobody when built from source, or sqlrelay/sqlrelay when installed from packages.</p>

<p>However, the runasuser and runasgroup attributes can be used to control what user and group the SQL Relay server runs as.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <font color="#009900">runasuser</font><font color="#990000">=</font><font color="#FF0000">"exampleuser"</font> <font color="#009900">runasgroup</font><font color="#990000">=</font><font color="#FF0000">"examplegroup"</font> ...<b><font color="#0000FF">&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>There are several important considerations when setting runasuser/runasgroup:</p>

<ul>
  <li>runasuser is only effective if sqlr-start runs as root.</li>
  <li>runasgroup only effective if sqlr-start runs as a member of the group, or by root.</li>
  <li>All SQL Relay configuration files, and any appropriate database configuration files (such as Oracle's tnsnames.ora and SAP/Sybase's interfaces file) must be readable by the runasuser/runasgroup.  Otherwise various things will fail, most notably, dynamic scaling.</li>
  <li>SQL Relay must be able to write to "run" and "log" directories.  However, when installed from RPM packages, the /var/run/sqlrelay and /var/log/sqlrelay directories are owned by sqlrelay/sqlrelay and have fairly restrictive 755 permissions.  Thus, the permissions on these directories must be manually changed if runasuser or runasgroup are set to any value other than "sqlrelay".  This is not an issue if SQL Relay is built from source, and is not an issue on Windows.</li>
</ul>

<br/><br/><a name="deniedallowedips"/><h2>Allowed/Denied IP Addresses</h2>

<p>By default, clients from any IP address are allowed to connect to the SQL Relay srever.  However, the deinedips and allowedips attributes can be used to restrict the set of IP addresses that clients can connect from.</p>

<p>The deniedips attribute can be configured with a <a target="_blank" href="http://www.regular-expressions.info">regular expression</a> indicating which IP address will be denied access.  The allowedips attribute can also be configured with a <a target="_blank" href="http://www.regular-expressions.info">regular expression</a> to override the deniedips attribute.</p>

<p>For example, to deny all clients except clients connecting from the 192.168.2.0 and 64.45.22.0 networks:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <font color="#009900">deniedips</font><font color="#990000">=</font><font color="#FF0000">".*"</font> <font color="#009900">allowedips</font><font color="#990000">=</font><font color="#FF0000">"(192\.168\.2\..*|64\.45\.22\..*)"</font> ...<b><font color="#0000FF">/&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<br/><br/><a name="pwdenc"/><h2>Password Encryption</h2>

<p>Password encryption enables you to store passwords in the configuration file in a manner that makes them not directly readable.  Passwords for both SQL Relay users and database users may be encrypted.</p>

<p>Encryption and decryption are implemented by loadable modules.  The <i>passwordencryptions</i> section of the configuration file indicates which modules to load, and attributes in the user and connection tags indicate which module to use with the password defined in that same tag.</p>

<p>For example, to use the <i>rot</i> module, which encrypts by performing a simple character rotation:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"rot"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font> <font color="#009900">count</font><font color="#990000">=</font><font color="#FF0000">"13"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"fdyecnffjbeq"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"db"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=oracleuser;password=benpyrcnffjbeq;..."</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>In this example, the <i>id</i> and <i>count</i> attributes configure the <i>rot</i> module.  "13" tells the module to rotate by 13 characters.  The <i>id</i> attribute assigns this particular module configuration an id that will be referenced by user and connection tags.  The <i>id</i> attribute is mandatory.</p>

<p>Note that the password in the user tag is encrypted (unencrypted, it would just be "sqlrpassword") and that the password in the string attribute of the connection tag is also encrypted (unencrypted, it would just be "oraclepassword").  A command line program (described below) is provided to encrypt passwords.</p>

<p>Note also that the passwordencryptionid attribute in both tags refers to the id of the module as set using the <i>id</i> attribute in the passwordencryption tag ( <i>rot13enc</i> ), not the module name ( <i>rot</i> ).</p>

<p>Password encryption modules may be "stacked".  It is possible to load multiple modules and use each one with a different password.  For example, you might want to use the <i>rot</i> module with a count of 13 for the SQL Relay password and a count of 10 for the database password.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"rot"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font> <font color="#009900">count</font><font color="#990000">=</font><font color="#FF0000">"13"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"rot"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"rot10enc"</font> <font color="#009900">count</font><font color="#990000">=</font><font color="#FF0000">"10"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"fdyecnffjbeq"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"db"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=oracleuser;password=ybkmvozkccgybn;..."</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"rot10enc"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Encryption modules may be either two-way or one-way.  Two-way encryption modules can both encrypt and decrypt a password.  One-way encryption modules can only encrypt a password, not decrypt it.</p>

<p>As such, SQL Relay can use either one-way or two-way encryption to encrypt passwords for SQL Relay users.  However, only two-way encryption can only be used to encrypt passwords for database users.</p>

<p>The command line tool <b>sqlr-pwdenc</b> is provided to help encrypt passwords for inclusion in the configuration file.  Given an encryption module and password, it will print out the encrypted password.</p>

<blockquote>
  <pre>sqlr-pwdenc [-config configfile] -id id -pwdencid passwordencryptionid -password password
</pre>

</blockquote>
<ul>
  <li><b>configfile</b> - optional and refers to the configuration file</li>
  <li><b>id</b> - the instance within the configuration file to look for the specified password encryption module definition</li>
  <li><b>passwordencryptionid</b> - the id of the password encryption module to use</li>
  <li><b>password</b> - the password to encrypt</li>
</ul>

<p>For example:</p>

<blockquote>
  <pre>$ sqlr-pwdenc -id example -pwdencid rot13enc -password oraclepassword
benpyrcnffjbeq
</pre>

</blockquote>
<p>The resulting string "benpyrcnffjbeq" can now be put in the configuration file as the password.</p>

<p>There is one final thing to note.  Command line client programs like sqlrsh and sqlr-import take a -id option.  The -id option causes the program to open the configuration file and extract the host, port, socket, user and password from the specified instance.  If the password is encrypted, then the encrypted password will be extracted and passed to the server.  This will fail.  So, when using the -id option with an encrypted password, you must also use the -user and -password option, to override the user/password that are extracted from the configuration file.</p>

<p>For example, rather than just using:</p>

<blockquote>
  <pre>sqlrsh -id example
</pre>

</blockquote>
<p>You should use:</p>

<blockquote>
  <pre>sqlrsh -id example -user sqlruser -password sqlrpassword
</pre>

</blockquote>
<p>Currently, the following password encryption modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li>rot</li>
  <li>md5</li>
  <li>sha1</li>
  <li>sha256</li>
  <li>des</li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="rot"/><h3>rot</h3>

<p>The <b>rot</b> module is a two-way encryption module that performs a character rotation, similar to the popular <a target="_blank" href="http://en.wikipedia.org/wiki/ROT13">ROT13</a> algorithm, though it can rotate by any amount specified in the <i>count</i> attribute, not just 13 and rotates digits as well as upper and lower-case characters.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"rot"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font> <font color="#009900">count</font><font color="#990000">=</font><font color="#FF0000">"13"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"fdyecnffjbeq"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"db"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=oracleuser;password=benpyrcnffjbeq;..."</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"rot13enc"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Since the ROT algorithm is two-way, it can be used to encrypt passwords for both SQL Relay users and database users.</p>

<br/><a name="md5"/><h3>md5</h3>

<p>The <b>md5</b> module is a one-way encryption module that encrypts the password using the <a target="_blank" href="http://en.wikipedia.org/wiki/MD5">MD5</a> algorithm.  This module has no parameters.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"md5"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"md5enc"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"b3553e9ee74fc545fb632f92e0a5f1ea"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"md5enc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Since the MD5 algorithm is one-way, it can be used to encrypt passwords for SQL Relay users, but not database users.</p>

<br/><a name="sha1"/><h3>sha1</h3>

<p>The <b>sha1</b> module is a one-way encryption module that encrypts the password using the <a target="_blank" href="http://en.wikipedia.org/wiki/SHA-1">SHA-1</a> algorithm.  This module has no parameters.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sha1"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sha1enc"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"75e0c08dceb871fbf39ccf3049c6df1e60984d9a"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"sha1enc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Since the SHA-1 algorithm is one-way, it can be used to encrypt passwords for SQL Relay users, but not database users.</p>

<br/><a name="sha256"/><h3>sha256</h3>

<p>The <b>sha256</b> module is a one-way encryption module that encrypts the password using the <a target="_blank" href="http://en.wikipedia.org/wiki/SHA-2">SHA-256</a> algorithm.  This module has no parameters.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sha1"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sha1enc"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"fb3869b97931d922ab4f6060ab4958f17dc05613f0ff6c584ce4000af5fab460"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"sha1enc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Since the SHA-256 algorithm is one-way, it can be used to encrypt passwords for SQL Relay users, but not database users.</p>

<br/><a name="des"/><h3>des</h3>

<p>The <b>des</b> module is a one-way encryption module that encrypts the password using the <a target="_blank" href="http://en.wikipedia.org/wiki/Data_Encryption_Standard">DES</a> algorithm using a salt specified in the <i>salt</i> attribute.  The salt is required and must be a 2 digit alphanumeric code.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"crypt"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"cryptenc"</font> <font color="#009900">salt</font><font color="#990000">=</font><font color="#FF0000">"sr"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"nIdCgucqUQg"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"cryptenc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Since the DES algorithm is one-way, it can be used to encrypt passwords for SQL Relay users, but not database users.</p>

<br/><a name="aes128"/><h3>aes128</h3>

<p>The <b>aes128</b> module is a two-way encryption module that performs AES128 (CBC) encryption/decryption.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;passwordencryptions&gt;</font></b>
			<b><font color="#0000FF">&lt;passwordencryption</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"aes128"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"aes128enc"</font> <font color="#009900">key</font><font color="#990000">=</font><font color="#FF0000">"000102030405060708090a0b0c0d0e0f"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/passwordencryptions&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sqlruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"1f7be0255e24783696a1783114e28667320ecef9537b5da48c19dbfa793fbcaf"</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"aes128enc"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"db"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=oracleuser;password=153b3125b0ce225e06c3f61eb68a2b062eb6bdc17db4894620f8067cfec4c1bf;..."</font> <font color="#009900">passwordencryptionid</font><font color="#990000">=</font><font color="#FF0000">"aes128enc"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Since the aes128 algorithm is two-way, it can be used to encrypt passwords for both SQL Relay users and database users.</p>

<p>The key attribute of the passwordencryption element contains a hexidecimal representation of the 128 bit (16 byte) key.  The password attribute of the user element, and password parameter of the string attribute of the connection element contain hexidecimal representations of the encrypted passwords.</p>

<p>Note that multiple runs of sqlr-pwdenc with the same key and password will generate different results each time.  This is the correct behavior.  The first 128 bits (16 bytes) of the encrypted password are the "initialization vector" - a randomly generated string used in conjunction with the key to encrypt/decrypt the password.  This vector is generated each time sqlr-pwdenc is run.  Successive runs of sqlr-pwdenc generate different initialization vectors, and thus different encrypted passwords.</p>

<br/><a name="schedules"/><h2>Connection Schedules</h2>

<p>Connection schedules enable the SQL Relay server to control when users are allowed to access the database.</p>

<p>Connection schedules are implemented by loadable modules.  The <i>schedules</i> section of the configuration file indicates which modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;schedules&gt;</font></b>
			<i><font color="#9A1900">&lt;!-- allow these users during business hours --&gt;</font></i>
			<b><font color="#0000FF">&lt;schedule</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"cron_userlist"</font> <font color="#009900">default</font><font color="#990000">=</font><font color="#FF0000">"deny"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;users&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"dmuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"kmuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"imuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"smuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/users&gt;</font></b>
				<b><font color="#0000FF">&lt;rules&gt;</font></b>
					<b><font color="#0000FF">&lt;allow</font></b> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"* * * 2-5 8:00-11:59,13:00-16:59"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/rule&gt;</font></b>
			<b><font color="#0000FF">&lt;/schedule&gt;</font></b>
		<b><font color="#0000FF">&lt;/schedules&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All schedule modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Connection schedule modules can be "stacked".  Multiple different modules may be loaded, and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;schedules&gt;</font></b>
			<i><font color="#9A1900">&lt;!-- allow these users during business hours --&gt;</font></i>
			<b><font color="#0000FF">&lt;schedule</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"cron_userlist"</font> <font color="#009900">default</font><font color="#990000">=</font><font color="#FF0000">"deny"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;users&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"imuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"smuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/users&gt;</font></b>
				<b><font color="#0000FF">&lt;rules&gt;</font></b>
					<b><font color="#0000FF">&lt;allow</font></b> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"* * * 2-5 8:00-11:59,13:00-16:59"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/rule&gt;</font></b>
			<b><font color="#0000FF">&lt;/schedule&gt;</font></b>

			<i><font color="#9A1900">&lt;!-- allow these users at any time --&gt;</font></i>
			<b><font color="#0000FF">&lt;schedule</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"cron_userlist"</font> <font color="#009900">default</font><font color="#990000">=</font><font color="#FF0000">"deny"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;users&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"dmuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"kmuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/users&gt;</font></b>
				<b><font color="#0000FF">&lt;rules&gt;</font></b>
					<b><font color="#0000FF">&lt;allow</font></b> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"* * * * *"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/rule&gt;</font></b>
			<b><font color="#0000FF">&lt;/schedule&gt;</font></b>
		<b><font color="#0000FF">&lt;/schedules&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>At startup, the SQL Relay server creates instances of the specified schedule modules and initializes them.  When a client connects, the server passes the supplied credentials to each module, in the order that they were specified in the config file.  Each module applies its rules to the specified user.  If a module denies access to a user then the remaining modules are ignored.  If the user makes it through all modules without being denies access, then the user is allowed access.</p>

<p>Currently, only the ''cron_userlist'' connection schedule module is available in the standard SQL Relay distribution.  Custom modules may be developed though.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="cron_userlist"/><h3>cron_userlist</h3>

<p>The <b>cron_userlist</b> module enables you to define a connection schedule for a list of users, using a cron-like syntax.</p>

<p><b>Note though, that the time-and-date fields have different meanings from traditional cron.</b></p>

<p>An example configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;schedules&gt;</font></b>
			<i><font color="#9A1900">&lt;!-- allow these users during business hours --&gt;</font></i>
			<b><font color="#0000FF">&lt;schedule</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"cron_userlist"</font> <font color="#009900">default</font><font color="#990000">=</font><font color="#FF0000">"deny"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;users&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"dmuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"kmuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"imuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"smuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/users&gt;</font></b>
				<b><font color="#0000FF">&lt;rules&gt;</font></b>
					<b><font color="#0000FF">&lt;allow</font></b> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"* * * 2-5 8:00-11:59,13:00-16:59"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/rule&gt;</font></b>
			<b><font color="#0000FF">&lt;/schedule&gt;</font></b>
		<b><font color="#0000FF">&lt;/schedules&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, the module denies access to all users by default, but then allows access to the dmuse, kmuse, imuse, and smuse users during business hours.  In this case, business hours are defined as:</p>

<ul>
  <li>every year</li>
  <li>every month</li>
  <li>every day of the month</li>
  <li>between days 2-5 (Monday-Friday) of the week</li>
  <li>between 8:00AM and 11:59AM and 1:00PM and 4:59PM</li>
</ul>

<p>Another example configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;schedules&gt;</font></b>
			<i><font color="#9A1900">&lt;!-- deny these users during non-business hours --&gt;</font></i>
			<b><font color="#0000FF">&lt;schedule</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"cron_userlist"</font> <font color="#009900">default</font><font color="#990000">=</font><font color="#FF0000">"allow"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;users&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"dmuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"kmuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"imuse"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"smuse"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/users&gt;</font></b>
				<b><font color="#0000FF">&lt;rules&gt;</font></b>
					<b><font color="#0000FF">&lt;deny</font></b> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"* * * 2-5 00:00-7:59,12:00-12:59,17:00-23:59"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;deny</font></b> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"* * * 1,7 *"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/rules&gt;</font></b>
			<b><font color="#0000FF">&lt;/schedule&gt;</font></b>
		<b><font color="#0000FF">&lt;/schedules&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, the module allows access to all users by default, but then denies access to the dmuse, kmuse, imuse, and smuse users during non-business hours.  In this case, non-business hours are defined as:</p>

<ul>
  <li>every year</li>
  <li>every month</li>
  <li>every day of the month</li>
  <li>between days 2-5 (Monday-Friday) of the week</li>
  <ul>
    <li>between 12:00AM and 7:59AM</li>
    <li>between 12:00PM and 12:59PM</li>
    <li>between 5:00PM and 11:59PM</li>
  </ul>

  <li>on days 1 and 7 (Saturday and Sunday) of the week, at all hours</li>
</ul>

<p>The <b>users</b> tag defines a list of users to apply the schedule to.  It may contain any number of <b>user</b> tags.</p>

<p>The <b>user</b> tags support the following attributes:</p>

<ul>
  <li><b>user</b> - the name of a user or * meaning "all users"</li>
</ul>

<p>If a user does not appear in this list then it is granted access at any time.  If a user appears in the list then the schedule will be applied to that user.</p>

<p>The <b>default</b> attribute of the <b>schedule</b> tag defines the default rule.</p>

<ul>
  <li><b>allow</b> - allow access to the list of users unless they are denied access by the set of rules</li>
  <li><b>deny</b> - deny access to the list of users unless they are allowed access by the set of rules</li>
</ul>

<p>The <b>rules</b> tag defines the list of rules that modify the default behavior.  It may contain <b>allow</b> or <b>deny</b> tags.</p>

<p>The <b>allow</b> and <b>deny</b> tags support the following attributes:</p>

<ul>
  <li><b>when</b> - the years, months, days of month, days of week, and times of day that the rule applies to</li>
</ul>

<p>The format of the <b>when</b> attribute is cron-like.  There are 5 fields, separated by spaces.</p>

<p><b>Note again though, that the time-and-date fields have different meanings from traditional cron.</b></p>

<p>The fields represent, in order:</p>

<ul>
  <li>years</li>
  <li>months (where 1=January)</li>
  <li>days of the month</li>
  <li>days of the week (where 1=Sunday)</li>
  <li>times of day, in 24-hour format</li>
</ul>

<p>In each field, ranges may be specified with a dash, and sets may be separated by commas.  A * means "all possible values".</p>

<p>For example:</p>

<p>All day, every day, at any time of day:</p>

<blockquote>
  <pre>* * * * *
</pre>

</blockquote>
<p>All day, every month, on the 1st, 3rd through 5th, 8th, and 10th through 12th of the month:</p>

<blockquote>
  <pre>* * 1,3-5,8,10-12 * *
</pre>

</blockquote>
<p>Every day from 8:00AM through 11:59AM and 1:00PM through 4:59PM:</p>

<blockquote>
  <pre>* * * * 8:00-11:59,13:00-16:59
</pre>

</blockquote>
<p>Every day from 1:00PM to 4:00PM:</p>

<blockquote>
  <pre>* * * * 13:00-16:00
</pre>

</blockquote>
<p>All day, every Saturday:</p>

<blockquote>
  <pre>* * * 6 *
</pre>

</blockquote>
<p>All day, every day, in February and March:</p>

<blockquote>
  <pre>* 2,3 * * *
</pre>

</blockquote>
<p>Every day in February and March, from noon to 3PM:</p>

<blockquote>
  <pre>* 2,3 * * 12:00-15:00
</pre>

</blockquote>
<p>...and so on.</p>

<p>In general, the module works as follows:</p>

<ul>
  <li>When a user connects, the module looks for the user in the list of users.</li>
  <ul>
    <li>If the user is not found then access is granted.</li>
    <li>If the user is found, then the default rule is applied.</li>
    <ul>
      <li>Each rule in the rules list is evaluated.</li>
      <ul>
        <li>If the rule doesn't apply to the current time, then it is ignored.</li>
        <li>If the rule does apply to the current time, then it is applied.</li>
        <ul>
          <li>Each rule may reverse the outcome the previous rules.</li>
        </ul>

      </ul>

      <li>When all rules have been applied, the user will have been allowed or denied access.</li>
    </ul>

  </ul>

</ul>

<br/><br/><a name="filtering"/><h2>Query Filtering</h2>

<p>Query Filter modules enable the SQL Relay server programs to filter out queries, and not pass them along to the database.</p>

<p>Query filters are implemented by loadable modules.  The <i>filters</i> section of the configuration file indicates which filter modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;filters&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">" [0-9]*=[0-9]*"</font> <font color="#009900">errornumbrer</font><font color="#990000">=</font><font color="#FF0000">"100"</font> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"regex filter violation"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/filters&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All filter modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>All filter modules have an <i>when</i> attribute as well, which determines when the filter is applied.  If set to "before" then the module is executed before any query translations are executed.  If set to "after", or omitted, then the module is executed  after all query translations have been executed.  See <a href="#querytranslations">Query Translations</a> below for more information.</p>

<p>Filter modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;filters&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">" [0-9]*=[0-9]*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^(create)"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^(drop)"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"string"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"hugetable"</font> <font color="#009900">ignorecase</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"string"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"badschema"</font> <font color="#009900">ignorecase</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/filters&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>At startup, the SQL Relay server creates instances of the specified filter modules and initializes them.  When a query is run, the server passes the query to each module, in the order that they were specified in the config file.  If a module filters out the query, then it isn't passed along to the next module, nor is it sent to the database, and the client program is told that the query failed.</p>

<p>When using query filters, it is helpful to use the <i>normalize</i> query translation too:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;filters&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">" [0-9]*=[0-9]*"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/filters&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Pattern matching is substantially more reliable and efficient if the query has been normalized first.  See <a href="#querytranslations">Query Translations</a> and the <a href="#normalize">normalize</a> translation below for more information.</p>

<p>Currently, the following filter modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>patterns</b></li>
  <li><b>regex</b></li>
  <li><b>string</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="filter-patterns"/><h3>patterns</h3>

<p>The <b>patterns</b> module matches the query against a specified set of patterns.  Each pattern may be a string, case-insensitive string, or regular expression.  Each pattern may also be matched against the entire query, only the parts of the query that are outside of quotes, or only the parts of the query that are contained within quotes.  If the query matches, then it is filtered out.</p>

<p>The list of patterns is given by a set of <b>pattern</b> child tags.  Each pattern tag may contain the following attributes.</p>

<ul>
  <li><b>pattern</b> - Required.  The pattern to match.</li>
  <li><b>type</b> - Optional.  Defaults to "string".  Valid values are "string", "cistring" (case insensitive string), and "regex" (regular expression).</li>
  <li><b>scope</b> - Optional.  Defaults to "query".  Valid values are "query" (attempt to match against the entire query), "outsidequotes" (only match parts of the query not surrounded by single-quotes), and "insidequotes" (only match parts of the query surrounded by single-quotes).</li>
  <li><b>errornumber</b> - Optional.  Defaults to 0.  The error number to return to the client if the query matches this filter.</li>
  <li><b>error</b> - Optional.  Defaults to an empty string.  The error string to return to the client if the query matches this filter.</li>
</ul>

<p>For example, with the following configuration...</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;filters&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"patterns"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^(create)"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^(drop)"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"cistring"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"hugetable"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"badstring"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"insidequotes"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/filter&gt;</font></b>
		<b><font color="#0000FF">&lt;/filters&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>These queries would be filtered out:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>drop table mytable
create <font color="#008080">table</font> <b><font color="#000000">mytable</font></b> <font color="#990000">(</font><font color="#008080">col1</font> <font color="#009900">int</font><font color="#990000">)</font>
select <font color="#990000">*</font> from HugeTable
select <font color="#990000">*</font> from badstringtable <font color="#008080">where</font> col1<font color="#990000">=</font><font color="#FF0000">'badstring'</font>
</tt></pre>

</blockquote>
<p>But these queries would not be:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>insert into <font color="#008080">mytable</font> <b><font color="#000000">values</font></b> <font color="#990000">(</font><font color="#993399">1</font><font color="#990000">)</font>
select <font color="#990000">*</font> from goodtable
select <font color="#990000">*</font> from badstringtable <font color="#008080">where</font> col1<font color="#990000">=</font><font color="#FF0000">'goodstring'</font>
</tt></pre>

</blockquote>
<br/><br/><a name="filter-regex"/><h3>regex</h3>

<p>The <b>regex</b> module matches the query against a specified regular expression pattern.  If the query matches, then it is filtered out.  This module is useful if you need to do a quick match, without the complexity of the patterns module.</p>

<p>In addition to the module attribute, each filter tag may contain the following attributes.</p>

<ul>
  <li><b>pattern</b> - Required.  The pattern to match.</li>
  <li><b>errornumber</b> - Optional.  Defaults to 0.  The error number to return to the client if the query matches this filter.</li>
  <li><b>error</b> - Optional.  Defaults to an empty string.  The error string to return to the client if the query matches this filter.</li>
</ul>

<p>For example, with the following configuration:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;filters&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">" [0-9]*=[0-9]*"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/filters&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>This query would be filtered out:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>select <font color="#990000">*</font> from mytable <font color="#008080">where</font> column1<font color="#990000">=</font><font color="#993399">1</font> and <font color="#993399">1</font><font color="#990000">=</font><font color="#993399">1</font>
</tt></pre>

</blockquote>
<p>But this query would not be:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>select <font color="#990000">*</font> from mytable <font color="#008080">where</font> column1<font color="#990000">=</font><font color="#993399">1</font>
</tt></pre>

</blockquote>
<br/><br/><a name="filter-string"/><h3>string</h3>

<p>The <b>string</b> module matches the query against a specified string pattern.  If the query matches, then it is filtered out.  This module is useful if you need to do a quick match without the complexity of regular expressions or of the patterns module.</p>

<p>In addition to the module attribute, each filter tag may contain the following attributes.</p>

<ul>
  <li><b>pattern</b> - Required.  The pattern to match.</li>
  <li><b>ignorecase</b> - Optional.  Defaults to "no".  If set to "yes" then the comparison is case insensitive.</li>
  <li><b>errornumber</b> - Optional.  Defaults to 0.  The error number to return to the client if the query matches this filter.</li>
  <li><b>error</b> - Optional.  Defaults to an empty string.  The error string to return to the client if the query matches this filter.</li>
</ul>

<p>For example, with the following configuration:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;filters&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"string"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"hugetable"</font> <font color="#009900">ignorecase</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">errornumbrer</font><font color="#990000">=</font><font color="#FF0000">"100"</font> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"string filter violation"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/filters&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>This query would be filtered out:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>select <font color="#990000">*</font> from hugetable
</tt></pre>

</blockquote>
<p>But this query would not be:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>select <font color="#990000">*</font> from goodtable <font color="#008080">where</font> column1<font color="#990000">=</font><font color="#993399">1</font>
</tt></pre>

</blockquote>
<br/><br/><a name="filter-tag"/><h3>tag</h3>

<p>The <b>tag</b> module matches queries in the same manner as the <a href="#filter-patterns">patterns</a> module described above, and is configured similarly:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;moduledatas&gt;</font></b>
			<b><font color="#0000FF">&lt;moduledata</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"tag"</font> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"tags"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/moduledatas&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;filters&gt;</font></b>
			<b><font color="#0000FF">&lt;filter</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"tag"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^(create)"</font> <font color="#009900">tag</font><font color="#990000">=</font><font color="#FF0000">"create or drop query"</font> <font color="#009900">moduledataid</font><font color="#990000">=</font><font color="#FF0000">"tags"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^(drop)"</font> <font color="#009900">tag</font><font color="#990000">=</font><font color="#FF0000">"create or drop query"</font> <font color="#009900">moduledataid</font><font color="#990000">=</font><font color="#FF0000">"tags"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"cistring"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"hugetable"</font> <font color="#009900">tag</font><font color="#990000">=</font><font color="#FF0000">"hugetable query"</font> <font color="#009900">moduledataid</font><font color="#990000">=</font><font color="#FF0000">"tags"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"badstring"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"insidequotes"</font> <font color="#009900">tag</font><font color="#990000">=</font><font color="#FF0000">"contains badstring"</font> <font color="#009900">moduledataid</font><font color="#990000">=</font><font color="#FF0000">"tags"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/filter&gt;</font></b>
		<b><font color="#0000FF">&lt;/filters&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Note the moduledata tag defined prior to the filters tag.  Moduledata modules basically allow one module to pass data to another.  See <a href="#moduledata">Module Data</a> below for more details.  The tag filter module interoperates with the tag moduledata module and requires an instance of it to work.</p>

<p>In the tag module, if the query matches the pattern, then instead of filtering it out so that it isn't executed, the query is "tagged" with the value specified in the <b>tag</b> attribute in the instance of moduledata specified by the <b>moduledataid</b> attribute.  Other modules (translation modules, for example) could then query the specified moduledata for the presence or absence of this value, and act accordingly.</p>

<p>Currently, no open source modules make use of the tag filter/moduledata module,  however custom modules may be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<hr/>

<br/><a name="translation"/><h1>Data Translation</h1>

<p>SQL Relay offers features for parsing and translating queries, and translating result sets.</p>

<br/><a name="queryparsing"/><h2>Query Parsing</h2>

<p>Query parsing enables the SQL Relay server to create a DOM tree representing the query, which can be more easily processed than plain text by other modules.</p>

<p>Parsers are implemented as loadable modules.  The <i>parser</i> section of the configuration file indicates which parser module to load and what parameters to configure it with.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;parser</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ...<b><font color="#0000FF">/&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>At startup, the SQL Relay server creates an instance of the specified parser modules and initializes it.  When a query is run, the server passes the query to the parser, which parses it and makes the DOM tree representing the query available to other modules.</p>

<p>Currently, no open source parser modules are available, however custom modules may be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="querytranslation"/><h2>Query Translation</h2>

<p>Query translation enables the SQL Relay server to modify queries before passing them to the database.</p>

<p>Query translation is implemented by loadable modules.  The <i>translations</i> section of the configuration file indicates which translation modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All translation modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Query translation modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates instances of the specified translations modules and initializes them.  When a query is run, the server passes the query to each module, in the order that they were specified in the config file.  If a module modifies the query, then that modified query is passed on to the next module.</p>

<p>Currently, the following translation modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>normalize</b></li>
  <li><b>patterns</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="normalize"/><h3>normalize</h3>

<p>The <b>normalize</b> module performs the following operations on a query:</p>

<ul>
  <li>Removes comments.</li>
  <li>Converts all white-space characters to spaces, outside of quoted strings.</li>
  <li>Converts multiple spaces into a single space, outside of quoted strings.</li>
  <li>Removes whitespace from around operators.</li>
  <li>Converts static concatenations to equivalent strings.  Eg. converts 'he' || 'll' || 'o' to 'hello'.</li>
  <li>Optionally converts the query to lower or upper case as specified by parameters described below.</li>
  <li>Optionally converts comma-separated decimals to dot-separated decimals.</li>
  <li>Optionally removes double-quotes around database object names.</li>
</ul>

<p>For example, the following query:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>sElEcT
	<font color="#990000">*,</font>
	<font color="#FF0000">'He'</font> <font color="#990000">||</font> <font color="#FF0000">'Ll'</font> <font color="#990000">||</font> <font color="#FF0000">'o'</font>
from
	myTABLE
where
	myTaBLe<font color="#990000">.</font>CoLuMn1    <font color="#990000">=</font>     myTablE<font color="#990000">.</font>ColuMN2  <font color="#990000">/</font>    <font color="#993399">2</font>
</tt></pre>

</blockquote>
<p>Would be translated to:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>select <font color="#990000">*,</font> <font color="#FF0000">'HeLlo'</font> from mytable <font color="#008080">where</font> mytable<font color="#990000">.</font>column1 <font color="#990000">=</font> mytable<font color="#990000">.</font>column2<font color="#990000">/</font><font color="#993399">2</font>
</tt></pre>

</blockquote>
<p>Normalizing a query is useful when also using <a href="#filtering">query filtering</a> as it simplifies the patterns that have to be searched for.</p>

<p>The following attributes are currently supported:</p>

<ul>
  <li><b>foreigndecimals</b> - "yes" or "no".  Defaults to "no".</li>
  <ul>
    <li>SQL requires dots for decimal separators.  However, some internationalized apps are not well behaved and build queries with decimals that use commas for decimal separators.  This attribute instructs the module to try to identify comma-separated decimals and replace the commas with dots.</li>
    <li>This can be tricky, especially with decimals in parentheses, which can be misinterpreted as parameters.  To help manage this, a space before a set of comma-separated numbers is interpreted as a delimiter, and no number may have more than 1 decimal separator.</li>
    <li>For example:</li>
    <ul>
      <li>(111,222, 333,444) is interpreted as having 2 decimals: 111.222 and 333.444</li>
      <li>(111, 222, 333,444) is interpreted as having 2 integers and 1 decimal: 111 and 222 and 333.444</li>
      <li>(111,222, 333,444,555) is interpreted as having 2 decimals and 1 integer: 111.222 and 333.444 and 555</li>
      <li>(111,222) is interpreted as 2 integers: 111 and 222</li>
      <li>( 111,222) is interpreted as 1 decimal: 111.222</li>
      <li>etc.</li>
    </ul>

  </ul>

  <li><b>convertcase</b> - "upper", "lower", or "no".  Defaults to "lower".</li>
  <ul>
    <li>If set to "upper" or "lower" then the entire query is converted to the specified case, except for strings surrounded by single or double quotes.</li>
    <li>If set to "no" then no case conversion is done.</li>
    <li>If omitted then the value defaults to "lower".</li>
  </ul>

  <li><b>convertcasedoublequoted</b> - "upper", "lower", "yes", or "no".  Defaults to "no".</li>
  <ul>
    <li>If set to "upper" or "lower" then values enclosed in double-quotes are converted to the specified case.  Double-quotes usually surround the names of database objects such as table, index, or column names to indicate that they should be interpreted in a case-sensitive manner.  So, effectively, setting this to "yes" forces the case of the quoted object names in the query.</li>
    <ul>
      <li>Some databases (eg. Oracle) default object names to upper case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>EXAMPLETABLE</i> with a column named <i>COL1</i>.</li>
      </ul>

      <li>Some databases (eg. PostgreSQL, MySQL/MariaDB, others) default object names to the specified case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>exampletable</i> with a column named <i>col1</i>.</li>
      </ul>

      <li>This can be useful when converting an app from one type of database to the other if the app's queries contain quoted object names.</li>
    </ul>

    <li>If set to "yes" then values enclosed in double-quotes are converted to the case specified by the convertcase attribute.</li>
    <li>If set to "no" then no case conversion is done.</li>
    <li>If omitted then the value defaults to "no".</li>
  </ul>

  <li><b>convertcasebackquoted</b> - "upper", "lower", "yes", or "no".  Defaults to "no".</li>
  <ul>
    <li>If set to "upper" or "lower" then values enclosed in back-quotes are converted to the specified case.  In some database (MySQL/MariaDB) back-quotes can be used to surround the names of database objects such as table, index, or column names to indicate that they should be interpreted in a case-sensitive manner.  So, effectively, setting this to "yes" forces the case of the quoted object names in the query.</li>
    <ul>
      <li>Some databases (eg. Oracle) default object names to upper case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>EXAMPLETABLE</i> with a column named <i>COL1</i>.</li>
      </ul>

      <li>Some databases (eg. PostgreSQL, MySQL/MariaDB, others) default object names to the specified case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>exampletable</i> with a column named <i>col1</i>.</li>
      </ul>

      <li>This can be useful when converting an app from one type of database to the other if the app's queries contain quoted object names.</li>
    </ul>

    <li>If set to "yes" then values enclosed in back-quotes are converted to the case specified by the convertcase attribute.</li>
    <li>If set to "no" then no case conversion is done.</li>
    <li>If omitted then the value defaults to "no".</li>
  </ul>

  <li><b>removedoublequotes</b> - "yes" or "no".  Defaults to "no".</li>
  <ul>
    <li>If set to "yes" then double-quotes are removed, except for escaped double quotes.  Double-quotes usually surround the names of database objects such as table, index, or column names to indicate that they should be interpreted in a case-sensitive manner.  So, effectively, setting this to "yes" causes the database to interpret the object names case-insensitively.</li>
    <ul>
      <li>Some databases (eg. Oracle) default object names to upper case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>EXAMPLETABLE</i> with a column named <i>COL1</i>.</li>
      </ul>

      <li>Some databases (eg. PostgreSQL, MySQL/MariaDB, others) default object names to the specified case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>exampletable</i> with a column named <i>col1</i>.</li>
      </ul>

      <li>This can be useful when converting an app from one type of database to the other if the app's queries contain quoted object names.</li>
    </ul>

    <li>If set to "no" then double-quotes are not removed.</li>
    <li>If omitted then the value defaults to "no".</li>
  </ul>

  <li><b>removebackquotes</b> - "yes" or "no".  Defaults to "no".</li>
  <ul>
    <li>If set to "yes" then back-quotes are removed, except for escaped back quotes.  In some databases (MySQL/MariaDB) back-quotes can be used to surround the names of database objects such as table, index, or column names to indicate that they should be interpreted in a case-sensitive manner.  So, effectively, setting this to "yes" causes the database to interpret the object names case-insensitively.</li>
    <ul>
      <li>Some databases (eg. Oracle) default object names to upper case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>EXAMPLETABLE</i> with a column named <i>COL1</i>.</li>
      </ul>

      <li>Some databases (eg. PostgreSQL, MySQL/MariaDB, others) default object names to the specified case when creating the object, if the object names are unquoted in the create statement.</li>
      <ul>
        <li>Eg. 'create table exampletable (col1 int)' creates a table named <i>exampletable</i> with a column named <i>col1</i>.</li>
      </ul>

      <li>This can be useful when converting an app from one type of database to the other if the app's queries contain quoted object names.</li>
    </ul>

    <li>If set to "no" then back-quotes are not removed.</li>
    <li>If omitted then the value defaults to "no".</li>
  </ul>

  <li><b>slashescape</b> - "yes" or "no".  Defaults to "yes".</li>
  <ul>
    <li>Most databases support <i>double-escaped</i> quotes.  For example, if a quoted string needs to contains a quote, then that would be expressed like: 'I said ''hello'' to her.'</li>
    <li>Some databases support <i>slash-escaped</i> quotes.  For example, if a quoted string needs to contains a quote, then that would be expressed like: 'I said \'hello\' to her.'</li>
    <li>By default, the normalize translation converts slash-escaped single, double, and back-quotes to double-escaped single, double, and back-quotes.</li>
    <li>If slashescape is set to "no" then the slash will be ignored as an escape character, and the quote (or double/back quote) and slash will be interpreted literally, potentially affecting case conversion and quote removal.</li>
  </ul>

  <li><b>doubleescape</b> - "yes" or "no".  Defaults to "yes".</li>
  <ul>
    <li>Most databases support <i>double-escaped</i> quotes.  For example, if a quoted string needs to contains a quote, then that would be expressed like: 'I said ''hello'' to her.'</li>
    <li>By default, the normalize translation interprets double-escaped single, double, and back-quotes in this manner.</li>
    <li>If doubleescape is set to "no" then all quotes, double-quotes, and back-quotes will be interpreted literally, potentially affecting case conversion and quote removal.</li>
  </ul>

</ul>

<br/><br/><a name="patterns"/><h3>patterns</h3>

<p>The <b>patterns</b> module enables you to match the entire query, or parts of it, against a pattern, and then replace the matching part.</p>

<p>The module is highly configurable, and capable of doing some fairly complex substitutions.  For example:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"patterns"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font> <font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">"old_tablename"</font> <font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">"new_tablename"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"outsidequotes"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font> <font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">"David"</font> <font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">"Dave"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"insidequotes"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"cistring"</font> <font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">"Johnathan"</font> <font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">"John"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"insidequotes"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">"(Dan|Danny)"</font> <font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">"Daniel"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"insidequotes"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">"(Rich|Richie)"</font> <font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">"Richard"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"insidequotes"</font> <font color="#009900">global</font><font color="#990000">=</font><font color="#FF0000">"no"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">"^show tables$"</font> <font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">"select * from user_tables"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/translation&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, several pattern-translations are defined, instructing the module to:</p>

<ul>
  <li>Convert <i>old_tablename</i> to <i>new_tablename</i>, but only outside of quoted strings.</li>
  <li>Convert <i>David</i> to <i>Dave</i>, but only inside of quoted strings.</li>
  <li>Convert <i>Johnathan</i> to <i>John</i>, but only inside of quoted strings, and using case-insensitive matching.</li>
  <li>Convert <i>Dan</i> or <i>Danny</i> to <i>Daniel</i>, but only inside of quoted strings.</li>
  <li>Convert only the first instance of <i>Rich</i> or <i>Richie</i> to <i>Richard</i>, and only inside of quoted strings.</li>
  <li>Convert the entire query <i>show tables</i> to the entire query <i>select * from user_tables</i>.</li>
</ul>

<p>This example illustrates the use of several attributes of the pattern tag:</p>

<ul>
  <li><b>type</b> - The type of matching to do.  Options include:</li>
  <ul>
    <li><i>string</i> - basic string matching - the default</li>
    <li><i>cistring</i> - case-insensitive string matching</li>
    <li><i>regex</i> - regular-expression matching</li>
  </ul>

  <li><b>from</b> - The pattern to match.</li>
  <li><b>to</b> - The string to convert matching parts of the query to.</li>
  <li><b>scope</b> - Where to match and translate.  Options include:</li>
  <ul>
    <li><i>anywhere</i> - anywhere in the query - the default</li>
    <li><i>outsidequotes</i> - only outside of quoted strings</li>
    <li><i>insidequotes</i> - only inside of quoted strings</li>
  </ul>

  <li><b>global</b> - Only valid when type="regex".  Options include:</li>
  <ul>
    <li><i>yes</i> - find all matches - the default</li>
    <li><i>no</i> - only find the first match</li>
  </ul>

</ul>

<p>Note that in this example, the normalize translation is loaded prior to the patterns translation.  Pattern matching is substantially more reliable and efficient if the query has been normalized first.  See the <a href="#normalize">normalize</a> translation for more information.</p>

<p>Another powerful feature of the patterns translation module is nested matching:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"patterns"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font>
					<font color="#009900">match</font><font color="#990000">=</font><font color="#FF0000">"^create table .*"</font><b><font color="#0000FF">&gt;</font></b>
					<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font>
						<font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">" tinytext,"</font>
						<font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">" varchar2(254),"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font>
						<font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">" mediumtext,"</font>
						<font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">" varchar2(1023),"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font>
						<font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">" longtext,"</font>
						<font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">" clob,"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/pattern&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font>
					<font color="#009900">match</font><font color="#990000">=</font><font color="#FF0000">"^select .*,oldvalue,newvalue,.* from ticket_change .* union .*"</font><b><font color="#0000FF">&gt;</font></b>
					<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font>
						<font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">",oldvalue,newvalue,"</font>
						<font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">",to_char(oldvalue),to_char(newvalue),"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/pattern&gt;</font></b>
			<b><font color="#0000FF">&lt;/translation&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example...</p>

<p>The first pattern-translation replaces:</p>

<ul>
  <li>the tinytext column type with varchar2(254)</li>
  <li>the mediumtext column type with varchar2(1023)</li>
  <li>the longtext column type with clob</li>
</ul>

<p>But the replacements are only done in <i>create table</i> queries.</p>

<p>It's unlikely that those patterns would show up in other queries, but not impossible.  Also, the translation is made more efficient by the initial match, as it will bail immediately if the query is something other than a create table, rather than having to scan the entire rest of the query.</p>

<p>The second pattern-translation basically wraps oldvalue and newvalue with to_char(), but only in a very specific query.  This is a good example of how the patterns translation can help run an app written for one type of database against a different type of database.  One-off query translations are often necessary in these cases.</p>

<p>Note that in these examples, the outer pattern tags have a match attribute rather than from/to attributes.  When doing nested matching, outer tags use the match attribute to grab pieces of the query, and pass them down to nested tags.</p>

<p>The type, scope, and global attributes are valid for outer pattern tags, but the from and to attributes are ignored in any pattern tag with a match attribute.</p>

<p>Note also that in these examples, the nested pattern tags use type="string", but type="regex" and type="cistring" are supported, as is the global attribute for type="regex".  However, the scope attribute is only valid at the top level and is ignored in nested pattern tags.</p>

<p>Though more than 2 levels is rarely necessary, any level of nesting is supported:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"patterns"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font>
					<font color="#009900">match</font><font color="#990000">=</font><font color="#FF0000">"...pattern to match in query..."</font><b><font color="#0000FF">&gt;</font></b>
					<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font>
						<font color="#009900">match</font><font color="#990000">=</font><font color="#FF0000">"...pattern to match in matching pieces of query..."</font><b><font color="#0000FF">&gt;</font></b>
						<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font>
							<font color="#009900">match</font><font color="#990000">=</font><font color="#FF0000">"...pattern to match in those pieces..."</font><b><font color="#0000FF">&gt;</font></b>
							<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"regex"</font>
								<font color="#009900">match</font><font color="#990000">=</font><font color="#FF0000">"...and so on..."</font><b><font color="#0000FF">&gt;</font></b>
								<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">type</font><font color="#990000">=</font><font color="#FF0000">"string"</font>
									<font color="#009900">from</font><font color="#990000">=</font><font color="#FF0000">"...from pattern..."</font>
									<font color="#009900">to</font><font color="#990000">=</font><font color="#FF0000">"...to pattern..."</font><b><font color="#0000FF">/&gt;</font></b>
							<b><font color="#0000FF">&lt;/pattern&gt;</font></b>
						<b><font color="#0000FF">&lt;/pattern&gt;</font></b>
					<b><font color="#0000FF">&lt;/pattern&gt;</font></b>
				<b><font color="#0000FF">&lt;/pattern&gt;</font></b>
			<b><font color="#0000FF">&lt;/translation&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<br/><br/><a name="bindvariabletranslation"/><h2>Bind Variable Translation</h2>

<p>Bind variable translation enables the SQL Relay server to modify bind variables before passing them to the database.  Bind variable names or values may be modified.  Variables may also be added or deleted.  Bind variable translation is most often used in conjunction with query translation.</p>

<p>Bind variable translation is implemented by loadable modules.  The <i>bindvariabletranslations</i> section of the configuration file indicates which translation modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;bindvariabletranslations&gt;</font></b>
			<b><font color="#0000FF">&lt;bindvariabletranslation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ...<b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/bindvariabletranslations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All bind variable translation modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Bind variable translation modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates instances of the specified bind variable translations modules and initializes them.  When a query is run, the server passes the bind variables to each module, in the order that they were specified in the config file.  If a module modifies a bind variable, then that modified variable is passed on to the next module.</p>

<p>Currently, no open source bind variable translation modules are available, however custom modules may be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="resultsetheaderranslation"/><h2>Result Set Header Translation</h2>

<p>Result set header translation enables the SQL Relay server to modify column information in the result set before returning it to the client.  Result set header translation is most often used in conjunction with result set translation.</p>

<p>Result set header translation is implemented by loadable modules.  The <i>resultsetheadertranslations</i> section of the configuration file indicates which translation modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;resultsetheadertranslations&gt;</font></b>
			<b><font color="#0000FF">&lt;resultsetheadertranslation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ...<b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/resultsetheadertranslations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All result set header translation modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Result set header translation modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates instances of the specified result set header translations modules and initializes them.  When a query is run, the server passes the result set header to each module, in the order that they were specified in the config file.  If a module modifies the result set header, then that modified header is passed on to the next module.</p>

<p>Currently, no open source result set header translation modules are available, however custom modules may be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="resultsettranslation"/><h2>Result Set Translation</h2>

<p>Result set translation enables the SQL Relay server to modify fields in the result set before returning the field to the client.</p>

<p>Result set translation is implemented by loadable modules.  The <i>resultsettranslations</i> section of the configuration file indicates which result set translation modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;resultsettranslations&gt;</font></b>
			<b><font color="#0000FF">&lt;resultsettranslation</font></b>
				<font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"reformatdatetime"</font>
				<font color="#009900">datetimeformat</font><font color="#990000">=</font><font color="#FF0000">"MM/DD/YYYY HH24:MI:SS"</font>
				<font color="#009900">dateformat</font><font color="#990000">=</font><font color="#FF0000">"MM/DD/YYYY"</font>
				<font color="#009900">timeformat</font><font color="#990000">=</font><font color="#FF0000">"HH24:MI:SS"</font>
				<font color="#009900">dateddmm</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">ignorenondatetime</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/resultsettranslations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All result set translation modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Result set translation modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates instances of the specified result set translation modules and initializes them.  As each field of the result set is returned, the server passes the field to each module, in the order that they were specified in the config file.  If a module modifies a field, then that modified field is passed on to the next module.</p>

<p>Currently, the following result set translation module is available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>reformatdatetime</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="reformatdatetime"/><h3>reformatdatetime</h3>

<p>The <b>reformatdatetime</b> module examines the field, decides if it's a date/time field, and if so, reformats it based on the given attributes.</p>

<p>The following attributes are currently supported:</p>

<ul>
  <li><b>datetimeformat</b> - Specifies the format to convert date/time fields to.  May be any combination of the following format characters.  Non-format characters will be inserted as-is.</li>
  <ul>
    <li><b>DD</b> - day of the month</li>
    <li><b>MM</b> - numeric month</li>
    <li><b>MON</b> - 3-character text abbreviation for the month</li>
    <li><b>Month</b> - full text month</li>
    <li><b>YYYY</b> - year including century</li>
    <li><b>YY</b> - year excluding century</li>
    <li><b>HH24</b> - hour (0-23)</li>
    <li><b>HH</b> - hour (1-12)</li>
    <li><b>MI</b> - minute</li>
    <li><b>SS</b> - second</li>
    <li><b>FFF</b> - fraction of a second</li>
    <li><b>AM</b> - AM or PM</li>
  </ul>

  <li><b>dateformat</b> - Similar to datetimeformat but if a date without the time component is detected, the supplied format will be used instead of the format supplied in the datetimeformat attribute.  Defaults to whatever value was supplied in the datetimeformat attribute.</li>
  <li><b>timeformat</b> - Similar to datetimeformat but if a time without the date component is detected, the supplied format will be used instead of the format supplied in the datetimeformat attribute.  Defaults to whatever value was supplied in the datetimeformat attribute.</li>
  <li><b>dateddmm</b> - If set to "yes" then dates are assumed to be in the DD-MM-YYYY format (with days leading), as opposed to MM-DD-YYYY format (with months leading).  This is important for interpreting dates like 03-04-2000.  If this attribute is set to "yes" then it would be interprted as March 4th rather than April 3rd.</li>
  <li><b>dateyyddmm</b> - If set to "yes" then dates are assumed to be in the YYYY-DD-MM format (with days leading), as opposed to YYYY-MM-DD-YYYY (with months leading).  This is important for interpreting dates like 2000-03-04.  If this attribute is set to "yes" then it would be interprted as March 4th rather than April 3rd.</li>
  <li><b>datedelimiters</b> - Determining whether the field is a date/time or not can be tricky.  Different cultures and systems delimit dates with different characteres, including slashes, dashes, colons and periods.  This attribute enables you to specify which of these to pay attention to.  For example, if your database contains both slash-delimited and dash-delimited dates, but also contains dot-delimited data that could be misinterpreted as a date, then you'd want to set this to "/-".  Defaults to "/-:."  Characters other than slash, dash, colon and dot are ignored.</li>
  <li><b>ignorenondatetime</b> - If this attribute is set to "yes" then only fields with date/time datatypes will be examined.  Char, and varchar fields, for example, will be ignored.  By default, all fields are examined and heuristics are used to determine whether the field contains a date/time.</li>
</ul>

<p>For example, the following configuration:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;resultsettranslations&gt;</font></b>
			<b><font color="#0000FF">&lt;resultsettranslation</font></b>
				<font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"reformatdatetime"</font>
				<font color="#009900">datetimeformat</font><font color="#990000">=</font><font color="#FF0000">"MM/DD/YYYY HH24:MI:SS"</font>
				<font color="#009900">dateformat</font><font color="#990000">=</font><font color="#FF0000">"MM/DD/YYYY"</font>
				<font color="#009900">timeformat</font><font color="#990000">=</font><font color="#FF0000">"HH24:MI:SS"</font>
				<font color="#009900">dateddmm</font><font color="#990000">=</font><font color="#FF0000">"yes"</font>
				<font color="#009900">ignorenondatetime</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/resultsettranslations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Would translate the following date/time field:</p>

<blockquote>
Jul 10 2015 05:17:55:717PM
</blockquote>
<p>Into:</p>

<blockquote>
07/10/2015 17:18:55
</blockquote>
<p>Note that <b>dateddmm</b> and <b>dateyyddmm</b> should usually be set to the same thing.  There are very specific cases where these two attributes need to be set differently from one another.  You'll know if you need to.</p>

<p>Note also that date/time translation in general is especially problematic with MS SQL Server.  See <a href="../faq/#mssqldates">the FAQ</a> for more info.</p>

<br/><a name="resultsetrowtranslation"/><h2>Result Set Row Translation</h2>

<p>Result set row translation is similar to result set translation, except that an entire row is buffered and sent to the translation module, instead of fields being sent to the module one-at-a-time.</p>

<p>This is useful if the value of one field needs to change based on the value of another field.  It also tends to perform better than translating one field at a time.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;resultsetrowtranslations&gt;</font></b>
			<b><font color="#0000FF">&lt;resultsetrowtranslation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ...<b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/resultsetrowtranslations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Currently, no open source result set row translation modules are available, however custom modules may be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="resultsetrowblocktranslation"/><h2>Result Set Row Block Translation</h2>

<p>Result set row block translation is similar to result set translation, except that blocks of rows are buffered and sent to the translation module, instead of individual rows or fields being sent to the module one-at-a-time.</p>

<p>This is useful for the same reasons as result set row translation, and tends to be the highest performing option for translating result sets, but the modules tend to be complex.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;resultsetrowblocktranslations</font></b> <font color="#009900">rowblocksize</font><font color="#990000">=</font><font color="#FF0000">"100"</font><b><font color="#0000FF">&gt;</font></b>
			<b><font color="#0000FF">&lt;resultsetrowblocktranslation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ...<b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/resultsetrowblocktranslations&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Currently, no open source result set row block translation modules are available, however custom modules may be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="moduledata"/><h2>Module Data</h2>

<p>Moduledata modules allow a developer to pass data between modules.  For example, a query translation module could set a value that a result set translation module could later read.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt>@parts<font color="#990000">/</font>sqlrelay<font color="#990000">-</font>moduledata<font color="#990000">.</font>conf@</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>Module data modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates one instance of the moduledata specified in each moduledata tag.  Each of these tags must specify an <i>id</i> attribute.  This id can be used by other modules to access this instance of moduledata.  If more than one instance of the same kind of moduledata is required, then multiple moduledata tags may be specified with the same <i>module</i> attribute and different <i>id</i> attributes.</p>

<p>Currently, the only open source moduledata module available is:</p>

<ul>
  <li><b>tag</b></li>
</ul>

<p>The tag module works as specified above in the documentation for the <a href="#filter-tag">tag</a> filter.</p>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<hr/>

<br/><a name="directives"/><h1>Query Directives</h1>

<p>Query directives enable an app to give the SQL Relay server special per-query instructions in the comments preceeding the query.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">--</font> a directive
<font color="#990000">--</font> <font color="#008080">another</font> directive<font color="#990000">:</font> with a parameter
<font color="#990000">--</font> yet another directive
select <font color="#990000">*</font> from exampletable
</tt></pre>

</blockquote>
<p>Query directives are implemented by loadable modules.  The <i>directives</i> section of the configuration file indicates which directive modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;directives&gt;</font></b>
                        <b><font color="#0000FF">&lt;directive</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"custom_wf"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/directives&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All directive modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Directive modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates instances of the specified directive modules and initializes them.  When a query is run, the server passes the query to each module, in the order that they were specified in the config file. </p>

<p>Currently, the following directive modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>custom_wf</b></li>
  <li><b>singlestep</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="custom_wf"/><h2>custom_wf</h2>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;directives&gt;</font></b>
                        <b><font color="#0000FF">&lt;directive</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"custom_wf"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/directives&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <b>custom_wf</b> module examines the comments preceeding the query and looks for one or more of the following directives:</p>

<ul>
  <li>sqlexecdirect</li>
  <li>sqlprepare</li>
  <li>querytimeout</li>
</ul>

<br/><h3>sqlexecdirect</h3>

<p>The sqlexecdirect directive tells SQL Relay to execute the query in a single step, rather than using the standard prepare/execute process.  This is useful for overriding the executedirect=no connection string option (the default) on a case-by-case basis.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">--</font> sqlexecdirect
select <font color="#990000">*</font> from exampletable
</tt></pre>

</blockquote>
<p>Note that (currently) the only database backend that supports executedirect is ODBC, and the only ODBC driver where it is known to improve performance is the MS SQL Server driver.  In that environment, this directive can yield a noticeable performance improvement for queries without bind variables, and which won't be reexecuted immediately.</p>

<br/><h3>sqlprepare</h3>

<p>The sqlprepare directive tells SQL Relay to prepare/execute the query in a two-step step process, rather than executing the query in a single step.  This is useful for overriding the executedirect=yes connection string option on a case-by-case basis.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">--</font> sqlprepare
select <font color="#990000">*</font> from exampletable
</tt></pre>

</blockquote>
<p>Note that (currently) the only database backend that supports direct execution is ODBC, and the only ODBC driver where it is known to improve performance is the MS SQL Server driver.  In that environment, the executedirect=yes option can yield a noticeable performance improvement for queries without bind variables, and which won't be reexecuted immediately.  If this is the case for most of your queries, then it makes sense to set executedirect=yes and override it using this directive as needed.</p>

<br/><h3>querytimeout</h3>

<p>The querytimeout directive sets a timeout (in seconds) for the query.  The following example sets a 60 second timeout.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">--</font> querytimeout<font color="#990000">:</font><font color="#993399">60</font>
select <font color="#990000">*</font> from exampletable
</tt></pre>

</blockquote>
<p>Note that this directive takes a colon-delimited parameter, the number of seconds.  Setting a timeout of 0 seconds (or removing the parameter) disables the timeout.</p>

<p>Note that (currently) the only database backend that supports query timeouts is ODBC.  It is known to work with the MS SQL Server driver, though it likely works with some other ODBC drivers as well.</p>

<br/><a name="singlestep"/><h2>singlestep</h2>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;directives&gt;</font></b>
                        <b><font color="#0000FF">&lt;directive</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"singlestep"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/directives&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <b>singlestep</b> module only works when using a PostgreSQL database.  Attempts to use it with a different database will have no effect.</p>

<p>When using a PostgreSQL database, the connect string option fetchatonce can be set to 0 or 1.  When set to 0, the SQL Relay server fetches and buffers all rows of the result set from the database before returning any to the SQL Relay client. When set to 1, the SQL Relay server "single-steps" through the rows of the result set, fetching one row at a time from the database, and sending each row back to the SQL Relay client as it is fetched.</p>

<p>Using fetchatonce=0 can cause the SQL Relay serve to consume large amounts of memory when a query returns a large number of rows.  On the other hand, when using fetchatonce=1, due to the quirky way that PostgreSQL implements fetching one row at a time, if you run a set of nested queries, rows will be truncated in the outer query, if the client uses a non-zero result set buffer size.  See <a href="../faq.html#postgresqlfetchatonce">the faq</a> for more details.</p>

<p>The <b>singlestep</b> module allows you to configure the instance one way, but override that configuration on a query-by-query basis.</p>

<p>The module examines the comments preceeding the query and looks for one or more of the following directives:</p>

<ul>
  <li>singlestep=on</li>
  <li>singlestep=off</li>
</ul>

<br/><h3>singlestep=on</h3>

<p>If the singlestep=on directive is used, the SQL Relay Server "single-steps" through the rows of the result set of the associated query, fetching one row at a time from the database and sending each row back to the SQL Reay client as it is fetched.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">--</font> singlestep<font color="#990000">=</font>on
select <font color="#990000">*</font> from largetable
</tt></pre>

</blockquote>
<br/><h3>singlestep=off</h3>

<p>If singlestep=off is set, then the SQL Relay Server will fetch and buffer all rows of the result set of the associated query before returning any to the SQL Relay client.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><font color="#990000">--</font> singlestep<font color="#990000">=</font>off
select <font color="#990000">*</font> from smalltable
</tt></pre>

</blockquote>
<hr/>

<br/><a name="queryrouting"/><h1>Query Routing</h1>

<p>Query routing enables the SQL Relay server to send one set of queries to one database, another set of queries to another, another set of queries to another, and so on.</p>

<p>To route queries, one instance of SQL Relay must be configured as a router to route queries to other instances of SQL Relay which are configured normally.</p>

<p>A typical use case is to configure one instance of SQL Relay to maintain connections to a master database and another instance of SQL Relay to maintain connections to a pool of slaves, then set up a third instance of SQL Relay to route queries to the other 2 instances.</p>

<blockquote>
<img src="../images/router.png"/>
</blockquote>
<p>This is such a common case, that it is also described above in it's own section: <a href="#masterslave">Master-Slave Query Routing</a>.</p>

<p>There are other possiblities as well though.</p>

<p>The actual query routing itself is implemented by loadable modules.  The <i>routers</i> section of the configuration file indicates which router modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
        <b><font color="#0000FF">&lt;instance</font></b> ... <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^drop "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^create "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^insert "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^update "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^delete "</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">".*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"..."</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"..."</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
		...
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these elements are interpreted is module-specific.</p>

<p>All router modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Router modules can be "stacked".  Multiple modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>In fact, the example above shows a stacked configuration.  The first instance of the router module sends DDL/DML queries to a "master" database and the second instance of the router module sends all other queries to a "slave" database.</p>

<p>At startup, the SQL Relay server creates instances of the specified router modules and initializes them.  When the client sends a query to the SQL Relay server, the server consults each router module, in the order that they were specified in the config file.  Each module applies its routing rules to determine which connection to run the query on.  If a module returns a connection then the remaining modules are ignored.  If the query makes it through all modules without being routed to a particular connection, then the query is ignored.</p>

<p>Currently, the following router modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li><a href="#regex">regex</a></li>
  <li><a href="#userlist">userlist</a></li>
  <li><a href="#clientiplist">clientiplist</a></li>
  <li><a href="#clientinfolist">lientinfolist</a></li>
  <li><a href="#usedatabase">usedatabase</a></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="regex"/><h3>regex</h3>

<p>The <b>regex</b> module routes queries by matching them against regular expressions.</p>

<p>A classic <a href="#masterslave">Master-Slave Query Routing</a> configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

        <i><font color="#9A1900">&lt;!-- This instance maintains connections to the "master" MySQL database</font></i>
<i><font color="#9A1900">                on the masterdb machine.  This instance only listens on the</font></i>
<i><font color="#9A1900">                unix socket /tmp/master.socket and thus cannot be connected to</font></i>
<i><font color="#9A1900">                by clients from another machine. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"master"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/master.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=masteruser;password=masterpassword;host=masterdb;db=master;"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance maintains connections to 4 "slave" MySQL databases</font></i>
<i><font color="#9A1900">                on 4 slave machines.  This instance only listens on the unix</font></i>
<i><font color="#9A1900">                socket /tmp/slave.socket and thus cannot be connected to by</font></i>
<i><font color="#9A1900">                clients from another machine. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"slave"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/slave.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb1;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb2;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb3;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=slaveuser;password=slavepassword;host=slavedb3;db=slave;"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance sends DML (insert,update,delete) and</font></i>
<i><font color="#9A1900">                DDL (create/delete) queries to the "master" SQL Relay instance</font></i>
<i><font color="#9A1900">                which, in turn, sends them to the "master" database.</font></i>
<i><font color="#9A1900">                This instance sends any other queries to the "slave" SQL Relay</font></i>
<i><font color="#9A1900">                instance which, in turn, distributes them over the "slave"</font></i>
<i><font color="#9A1900">                databases. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"routeruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"routerpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
                        <i><font color="#9A1900">&lt;!-- send all DML/DDL queries to "master"  --&gt;</font></i>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^drop "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^create "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^insert "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^update "</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"^delete "</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
                        <i><font color="#9A1900">&lt;!-- send all other queries to "slave" --&gt;</font></i>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">".*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/master.socket;user=masteruser;password=masterpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/slave.socket;user=slaveuser;password=slavepassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, 3 SQL Relay instances are defined:</p>

<ul>
  <li>one to maintain connections to the master database</li>
  <li>one to maintain connections to a pool of slave databases</li>
  <li>one to route queries to the other two instances</li>
</ul>

<p>In this configuration, DDL/DML queries are routed to the connectionid "master", and all other queries are routed to the connectionid "slave".</p>

<p>The <b>string</b> attribute in each connection tag provides the parameters necessary to connect to the other instances.  Valid attributes include:</p>

<ul>
  <li><b>host</b> - the host name or IP address of the SQL Relay instance</li>
  <li><b>port</b> - the port of the SQL Relay instance</li>
  <li><b>socket</b> - the socket of the SQL Relay instance, if it is running locally</li>
  <li><b>user</b> - the user to use when connecting to the SQL Relay instance as</li>
  <li><b>password</b> - the password to use when connecting to the SQL Relay instance</li>
  <li><b>fetchatonce</b> - the number of rows to fetch at a time (defaults to 10, 0 means fetch the entire result set)</li>
</ul>

<p>Note the use of a notification module to notify <i>dba@firstworks.com</i> if an <i>integrity_violation</i> event occurs.  SQL Relay must maintain parallel transactions on all databases that a query may be routed to.  An integrity violation occurs when a transaction control query (begin, commit, rollback, autocommit on, or autocommit off) succeeds on some of the backends but fails on others.  See <a href="#notifications">Notifications</a> for information about notification modules.</p>

<br/><p>Master-slave routing isn't all that the <b>regex</b> module can do though.</p>

<p>In the example below, we provide a single point of access to MySQL/MariaDB and PostgreSQL databases.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

	<i><font color="#9A1900">&lt;!-- This instance maintains connections to a MySQL database --&gt;</font></i>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"mysqldb"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listener&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">""</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/mysqldb.socket"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listener&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqldbuser;password=mysqldbpassword;host=mysqldb;db=mysqldb;"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>


	<i><font color="#9A1900">&lt;!-- This instance maintains connections to a PostgreSQL database --&gt;</font></i>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">""</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/postgresqldb.socket"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqldbuser;password=postgresqldbpassword;host=postgresqldb;db=postgresqldb;"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>


	<i><font color="#9A1900">&lt;!-- This instance sends queries containing "mysqldb." to the mysql</font></i>
<i><font color="#9A1900">		database and "postgresqldb." to the postgresql database --&gt;</font></i>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"routeruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"routerpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
			<i><font color="#9A1900">&lt;!-- send all mysqldb queries to "mysqldb" --&gt;</font></i>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"mysqldb"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"mysqldb\."</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
			<i><font color="#9A1900">&lt;!-- send all postgresqldb queries to "postgresqldb" --&gt;</font></i>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"regex"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;pattern</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb\."</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"mysqldb"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/mysqldb.socket;user=mysqldbuser;password=mysqldbpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/postgresqldb.socket;user=postgresqldbuser;password=postgresqldbpassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
		<b><font color="#0000FF">&lt;notifications&gt;</font></b>
			<b><font color="#0000FF">&lt;notification</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"events"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;events&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"integrity_violation"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/events&gt;</font></b>
				<b><font color="#0000FF">&lt;recipients&gt;</font></b>
					<b><font color="#0000FF">&lt;recipient</font></b> <font color="#009900">address</font><font color="#990000">=</font><font color="#FF0000">"dba@firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/recipients&gt;</font></b>
			<b><font color="#0000FF">&lt;/notification&gt;</font></b>
		<b><font color="#0000FF">&lt;/notifications&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this configuration, all queries containing "mysqldb." are sent to the connectionid "mysqldb" and all queries containing "postgresqldb." are sent to the connectionid "postgresqldb".</p>

<p>As above, the <b>string</b> attribute in each connection tag provides the parameters necessary to connect to the other instances.</p>

<p>Note the use of a notification module, as above.</p>

<br/><a name="userlist"/><h3>userlist</h3>

<p>The <b>userlist</b> module routes queries by matching the user that ran the query against a list of users.</p>

<p>An example configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

        <i><font color="#9A1900">&lt;!-- This instance maintains connections to an Oracle database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/oracle.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance maintains connections to an SAP database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sap"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/sap.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"sybase=/opt/sap;lang=en_US;server=SAPSERVER;user=sapuser;password=sappassword;db=sapdb;"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance sends one set of users to the Oracle database and</font></i>
<i><font color="#9A1900">                all other users to the sap database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser1"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"oraclepassword"</font><b><font color="#0000FF">/&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser2"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"oraclepassword"</font><b><font color="#0000FF">/&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser3"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"oraclepassword"</font><b><font color="#0000FF">/&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser4"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"oraclepassword"</font><b><font color="#0000FF">/&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sapuser1"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"sappassword"</font><b><font color="#0000FF">/&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sapuser2"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"sappassword"</font><b><font color="#0000FF">/&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sapuser3"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"sappassword"</font><b><font color="#0000FF">/&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"sapuser4"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"sappassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"userlist"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser1"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser2"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser3"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"oracleuser4"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"userlist"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/oracle.socket;user=scott;password=tiger"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"sap"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/sap.socket;user=sapuser;password=sappassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, 3 SQL Relay instances are defined:</p>

<ul>
  <li>one to maintain connections to an Oracle database</li>
  <li>one to maintain connections to a SAP database</li>
  <li>one to route queries to the other two instances</li>
</ul>

<p>In this configuration, queries made by "oracle users" are routed to the connectionid "oracle", and all other queries are routed to the connectionid "sap".</p>

<p>The <b>string</b> attribute in each connection tag provides the parameters necessary to connect to the other instances.  Valid parameters include:</p>

<ul>
  <li><b>host</b> - the host name or IP address of the SQL Relay instance</li>
  <li><b>port</b> - the port of the SQL Relay instance</li>
  <li><b>socket</b> - the socket of the SQL Relay instance, if it is running locally</li>
  <li><b>user</b> - the user to use when connecting to the SQL Relay instance as</li>
  <li><b>password</b> - the password to use when connecting to the SQL Relay instance</li>
  <li><b>fetchatonce</b> - the number of rows to fetch at a time (defaults to 10, 0 means fetch the entire result set)</li>
</ul>

<br/><br/><a name="clientiplist"/><h3>clientiplist</h3>

<p>The <b>clientiplist</b> module routes queries by matching the client that ran the query against a list of IP addresses.</p>

<p>An example configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

        <i><font color="#9A1900">&lt;!-- This instance maintains connections to an Oracle database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/oracle.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance maintains connections to an SAP database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sap"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/sap.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"sybase=/opt/sap;lang=en_US;server=SAPSERVER;user=sapuser;password=sappassword;db=sapdb;"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance sends one set of users to the Oracle database and</font></i>
<i><font color="#9A1900">                all other users to the sap database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"routeruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"routerpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"clientiplist"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;client</font></b> <font color="#009900">ip</font><font color="#990000">=</font><font color="#FF0000">"192.168.*.0-50"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"clientiplist"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;client</font></b> <font color="#009900">ip</font><font color="#990000">=</font><font color="#FF0000">"*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/oracle.socket;user=scott;password=tiger"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"sap"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/sap.socket;user=sapuser;password=sappassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, 3 SQL Relay instances are defined:</p>

<ul>
  <li>one to maintain connections to an Oracle database</li>
  <li>one to maintain connections to a SAP database</li>
  <li>one to route queries to the other two instances</li>
</ul>

<p>In this configuration, queries made by users originating at IP addresses 192.168.*.0-50 are routed to the connectionid "oracle", and queries made by users originating at all other IP addresses are routed to the connectionid "sap".</p>

<p>Each octet of the <b>ip</b> attribute may be specfied as a number, a dash-separated range of numbers, or a * meaning "all possible values".</p>

<p>The <b>string</b> attribute in each connection tag provides the parameters necessary to connect to the other instances.  Valid parameters include:</p>

<ul>
  <li><b>host</b> - the host name or IP address of the SQL Relay instance</li>
  <li><b>port</b> - the port of the SQL Relay instance</li>
  <li><b>socket</b> - the socket of the SQL Relay instance, if it is running locally</li>
  <li><b>user</b> - the user to use when connecting to the SQL Relay instance as</li>
  <li><b>password</b> - the password to use when connecting to the SQL Relay instance</li>
  <li><b>fetchatonce</b> - the number of rows to fetch at a time (defaults to 10, 0 means fetch the entire result set)</li>
</ul>

<br/><br/><a name="clientinfolist"/><h3>clientinfolist</h3>

<p>The <b>clientinfolist</b> module routes queries by matching the "client info" sent by the client against a list of regular expressions.  The client info can be set using the setClientInfo() method/function provided by the native SQL Relay client API.  When using PHP PDO, it can be set using the PDO_SQLRELAY_ATTR_CLIENT_INFO attribute.  The client info cannot currently be set when using the ODBC, Perl DBI, PythonDB, or ADO.NET drivers.</p>

<p>An example configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

        <i><font color="#9A1900">&lt;!-- This instance maintains connections to an Oracle database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/oracle.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance maintains connections to an SAP database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sap"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/sap.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
                <b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"sybase=/opt/sap;lang=en_US;server=SAPSERVER;user=sapuser;password=sappassword;db=sapdb;"</font><b><font color="#0000FF">/&gt;</font></b>
                <b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>


        <i><font color="#9A1900">&lt;!-- This instance sends one set of users to the Oracle database and</font></i>
<i><font color="#9A1900">                all other users to the sap database. --&gt;</font></i>
        <b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"routeruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"routerpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"clientinfolist"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"master"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;clientinfo</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">".*oracle.*"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;clientinfo</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">".*orcl.*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"clientinfolist"</font> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"slave"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;clientinfo</font></b> <font color="#009900">pattern</font><font color="#990000">=</font><font color="#FF0000">"*"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"oracle"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/oracle.socket;user=scott;password=tiger"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"sap"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/sap.socket;user=sapuser;password=sappassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
        <b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, 3 SQL Relay instances are defined:</p>

<ul>
  <li>one to maintain connections to an Oracle database</li>
  <li>one to maintain connections to a SAP database</li>
  <li>one to route queries to the other two instances</li>
</ul>

<p>In this configuration, queries made by users who send client info which contains the string "oracle" or "orcl" to the connectionid "oracle", and queries made by users sending any other client info the connectionid "sap".</p>

<p>The <b>string</b> attribute in each connection tag provides the parameters necessary to connect to the other instances.  Valid parameters include:</p>

<ul>
  <li><b>host</b> - the host name or IP address of the SQL Relay instance</li>
  <li><b>port</b> - the port of the SQL Relay instance</li>
  <li><b>socket</b> - the socket of the SQL Relay instance, if it is running locally</li>
  <li><b>user</b> - the user to use when connecting to the SQL Relay instance as</li>
  <li><b>password</b> - the password to use when connecting to the SQL Relay instance</li>
  <li><b>fetchatonce</b> - the number of rows to fetch at a time (defaults to 10, 0 means fetch the entire result set)</li>
</ul>

<br/><br/><a name="usedatabase"/><h3>usedatabase</h3>

<p>The <b>usedatabase</b> module enables you to access databases across multiple database instances via the same SQL Relay front-end with "use database" queries.</p>

<p>For example, lets say you have two database instances:</p>

<p>A MySQL/MariaDB instance that hosts 3 databases:</p>

<ul>
  <li>mydb1</li>
  <li>mydb2</li>
  <li>mydb3</li>
</ul>

<p>...and a PostgreSQL instance that hosts 2 databases:</p>

<ul>
  <li>pg1</li>
  <li>pg2</li>
</ul>

<p>If you configure an instance of SQL Relay to access the MySQL/MariaDB instance, then a SQL Relay client can run queries like "use mydb1" or "use mydb2" to select the database.</p>

<p>Similarly, if you configure an instance of SQL Relay to access the PostgreSQL instance, then a SQL Relay client can run queries like "use pbdb1" or "use pbdb2" to select the database.</p>

<p>The <b>usedatabase</b> module enables a client connected to a single instance of SQL Relay to select the database across both instances.  For example, "use mydb1" would set the current database to the mydb1 database hosted by the MySQL/MariaDB instance, and "use pgdb2" would set the current database to the pgdb2 database hosted by the PostgreSQL instance.</p>

<p>An example configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

	<i><font color="#9A1900">&lt;!-- This instance maintains connections to a MySQL database --&gt;</font></i>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"mysqldb"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">""</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/mysqldb.socket"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqldbuser;password=mysqldbpassword;host=mysqldb;db=mysqldb;"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>


	<i><font color="#9A1900">&lt;!-- This instance maintains connections to a PostgreSQL database --&gt;</font></i>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"postgresql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">""</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/postgresqldb.socket"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=postgresqldbuser;password=postgresqldbpassword;host=postgresqldb;db=postgresqldb;"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>


	<i><font color="#9A1900">&lt;!-- This instance sends queries to databases hosted by the mysql</font></i>
<i><font color="#9A1900">		instance and postgresql instance based on "use ..." queries. --&gt;</font></i>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"routeruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"routerpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"usedatabase"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"mysqldb"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/mysqldb.socket;user=mysqldbuser;password=mysqldbpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/postgresqldb.socket;user=postgresqldbuser;password=postgresqldbpassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, 3 SQL Relay instances are defined:</p>

<ul>
  <li>one to maintain connections to an MySQL/MariaDB instance</li>
  <li>one to maintain connections to a PostgreSQL database</li>
  <li>one to route queries to the other two instances</li>
</ul>

<p>The <b>string</b> attribute in each connection tag provides the parameters necessary to connect to the other instances.  Valid parameters include:</p>

<ul>
  <li><b>host</b> - the host name or IP address of the SQL Relay instance</li>
  <li><b>port</b> - the port of the SQL Relay instance</li>
  <li><b>socket</b> - the socket of the SQL Relay instance, if it is running locally</li>
  <li><b>user</b> - the user to use when connecting to the SQL Relay instance as</li>
  <li><b>password</b> - the password to use when connecting to the SQL Relay instance</li>
  <li><b>fetchatonce</b> - the number of rows to fetch at a time (defaults to 10, 0 means fetch the entire result set)</li>
</ul>

<p>When the router instance starts, it gets the list of databases available from each of the other two instances, and routes to them accordingly.</p>

<p>A sample sqlrsh session follows:</p>

<blockquote>
  <pre>sqlrsh -host localhost -user routeruser -password routerpassword
sqlrsh - Version 1.1.0
        Connected to: localhost:9000 as routeruser

        type help; for help.

0> use mydb1;
0> currentdb;
mydb1
0> select * from exampletable;
col1
==========================
this table is in db mydb1

        Rows Returned   : 1
        Fields Returned : 1
        Elapsed Time    : 0.001512 sec

0> use mydb2;
0> currentdb;
mydb2
0> select * from exampletable;
col1
==========================
this table is in db mydb2

        Rows Returned   : 1
        Fields Returned : 1
        Elapsed Time    : 0.001512 sec

0> use pgdb1;
0> currentdb;
pgdb1
0> select * from exampletable;
col1
==========================
this table is in db pgdb1

        Rows Returned   : 1
        Fields Returned : 1
        Elapsed Time    : 0.001344 sec

0>
</pre>

</blockquote>
<p>But...  What if two different instances host databases with the same name?  For example, what if your MySQL/MariaDB instance hosts a database named db2, and your PostgreSQL instance also hosts a database named db2?</p>

<p>To resolve situations like this, the <b>usedatabase</b> module enables you to map a database to an alias.  In this example, the db2 database hosted by MySQL/MariaDB is mapped to mydb2, and the db2 database hosted by PostgreSQL is mapped to pgdb2.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

	... MySQL/PostgreSQL instance details omitted ...

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"router"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"router"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;auths&gt;</font></b>
			<b><font color="#0000FF">&lt;auth</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrclient_userlist"</font><b><font color="#0000FF">&gt;</font></b>
                        	<b><font color="#0000FF">&lt;user</font></b> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"routeruser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"routerpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/auth&gt;</font></b>
		<b><font color="#0000FF">&lt;/auths&gt;</font></b>
		<b><font color="#0000FF">&lt;routers&gt;</font></b>
			<b><font color="#0000FF">&lt;router</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"usedatabase"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;map</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"mysqldb"</font> <font color="#009900">db</font><font color="#990000">=</font><font color="#FF0000">"db2"</font> <font color="#009900">alias</font><font color="#990000">=</font><font color="#FF0000">"mydb2"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;map</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb"</font> <font color="#009900">db</font><font color="#990000">=</font><font color="#FF0000">"db3"</font> <font color="#009900">alias</font><font color="#990000">=</font><font color="#FF0000">"pgdb3"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/router&gt;</font></b>
		<b><font color="#0000FF">&lt;/routers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"mysqldb"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/mysqldb.socket;user=mysqldbuser;password=mysqldbpassword"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">connectionid</font><font color="#990000">=</font><font color="#FF0000">"postgresqldb"</font> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"socket=/tmp/postgresqldb.socket;user=postgresqldbuser;password=postgresqldbpassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>To access the db2 database hosted by MySQL/MariaDB, the user would run:</p>

<blockquote>
  <pre>use mydb2
</pre>

</blockquote>
<p>To access the db2 database hosted by PostgreSQL, the user would run:</p>

<blockquote>
  <pre>use pgdb2
</pre>

</blockquote>
<p>Attempts to "use db2" would fail.</p>

<br/><a name="routingquirks"/><h2>Quirks and Limitations</h2>

<h3>Query Normalization</h3>

<p>To make pattern matching easier, SQL Relay "normalizes" the query before
matching it against the pattern.  The original query is run against the database
but when matched against the pattern, whitespace is compresssed and the entire
query (except for quoted strings) is converted to lower-case.</p>

<p>When matching query operators, you must use lower-cased versions of them such
as "select", "insert", "and", "or", etc.  When matching table names, you must
use a lower-cased version of the table-name.</p>

<h3>Perl Compatible Regular Expressions</h3>

<p>SQL Relay is built upon the Rudiments library.  Rudiments can be built with
or without support for libpcre which provides support for Perl Compatible
Regular Expressions.  PCRE's are more powerful than standard posix regular
expressions and have many more operators.</p>

<p>As such, if you copy a configuration file from a machine where Rudiments was
compiled with PCRE support to a machine where Rudiments wasn't compiled with
PCRE support, then it's possible that your patterns may not work on the new
machine.</p>

<p>To make matters worse, sufficiently old versions of the posix regular
expression functions had fewer operators than modern versions.  So, even if
Rudiments isn't using PCRE's, it's not impossible that after copying a
configuration file from a fairly modern OS to an antique, the patterns won't
work on the antique machine either.</p>

<p>The examples above ought to work with PCRE's and all versions of posix
regular expressions.</p>

<h3>Selects Not Showing Changes</h3>

<p>In the scenario above where DML/DDL is sent to the master database and
selects are distributed over slaves, an unintuitive thing can happen.</p>

<p>If you begin a transaction and do several inserts, updates and deletes,
you'll find that if you do a select, you will not see your changes.  This is
because in a master-slave configuration, changes to the database are not
pushed out to the slaves until the changes have been committed.  Since your
selects are being run against the slaves, you must first commit before your
changes will be visible.</p>

<h3>Stored Procedures</h3>

<p>It's possible to use stored procedures with SQL Relay's query routing
feature.  However, since stored procedures are run on the database, SQL Relay
can't route the individual queries run inside the stored procedure.  So, the
stored procedure and all queries run inside of it will be run against whichever
database it was routed to.</p>

<h3>Parallel Transactions</h3>

<p>Router modules like <b>userlist</b>, <b>clientiplist</b>, and <b>clientinfolist</b>
route entire sessions to one database or another.  Router modules like
<b>regex</b> route individual queries.  Behind the scenes, modules which route
individual queries maintain parallel transactions on each of the databases that
it is routing queries to, which present the following issues.</p>

<p><b>Integrity Violations</b></p>

<p>When the client issues a begin, commit or rollback, the router issues a begin,
commit or rollback to each of the databases.  Similarly, if the client turns
auto-commit on or off, the router turns auto-commit on or off on each of the
databases.</p>

<p>There are scenarios where a commit, rollback or auto-commit on/off command
could succeed on some of the databases and fail on others.  Some databases
have a 2-phase commit feature to handle these scenarios.  With 2-phase commit,
you can roll back a commit until you do second commit.  Many databases don't
support 2-phase commit though.  At present, SQL Relay doesn't currently support
2-phase commit for any database.  So, currently, to handle this situation,
SQL Relay returns an error, disables the instance doing the query routing, and
raises an integrity_violation event.  If a notification is configured to notify
a DBA when an integrity_violation is raised, then the DBA will receive an
email about the problem.  Unfortunately, there is no standard way to solve
the problem.  The DBA must determine the cause, resolve it manually, and restart
SQL Relay.</p>

<p><b>Commits and Rollbacks</b></p>

<p>Since queries may be routed to different kinds of databases, the router has
to employ some tricks to maintain parallel transactions on dissimilar
databases.  Some databases run in auto-commit mode by default and must be
issued a "begin" query to start a transaction.  Other databases implicitly
start a new transaction when a client logs in and after each commit or rollback.
If any of the databases being routed to require a "begin" query to start a
transaction, then the ones that don't are put in auto-commit mode when the
client logs in and after each commit or rollback and are taken out of
auto-commit mode when the client sends a begin query.  If none of the databases
being routed to require a "begin" query to start a transaction, then the
databases are not put in auto-commit mode when the client logs in or after each
commit or rollback.  Rather, transactions are implicitly started by the
database.  For example, if your client application is using a router which
routes queries over both PostgreSQL and Oracle databases, then since
PostgreSQL requires "begin" queries, you must use a "begin" query to start a
transaction, even if your app only intends to send queries which would be run
against Oracle.  Conversely, if your client application is using a router which
only routes queries over a set of Oracle databases, then you do not have to use
"begin" queries.</p>

<hr/>

<br/><a name="queries"/><h1>Custom Queries</h1>

<p>Custom queries enable SQL Relay to return result sets for non-SQL queries.</p>

<p>Custom queries are implemented by loadable modules.  The <i>queries</i> section of the configuration file indicates which modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;queries&gt;</font></b>
			<b><font color="#0000FF">&lt;query</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrcmdcstat"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;query</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrcmdgstat"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/queries&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All query modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Custom query modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates instances of the specified query modules and initializes them.  When a query is run, the server passes the query to each module, in the order that they were specified in the config file.  Each module may evaluate the query and decide whether to respond or not.  If none of the query modules respond, then the query is passed along to the database.</p>

<p>Currently, the following query modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>sqlrcmdcstat</b></li>
  <li><b>sqlrcmdgstat</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="sqlrcmdcstat"/><h2>sqlrcmdcstat</h2>

<p>The sqlrcmdcstat module returns statistics about the sqlr-connection processes currently running for this instance of SQL Relay when the query "sqlrcmd cstat" is run.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;queries&gt;</font></b>
			<b><font color="#0000FF">&lt;query</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrcmdcstat"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/queries&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>An example session follows:</p>

<blockquote>
  <pre>sqlrsh - Version 1.7.0
	Connected to: localhost:9000 as test

	type help; for help.

0> sqlrcmd cstat;
INDEX MINE PROCESSID CONNECT STATE                 STATE_TIME   CLIENT_ADDR CLIENT_INFO SQL_TEXT     
=====================================================================================================
0     *    24464     1       RETURN_RESULT_SET             0.00 UNIX                    sqlrcmd cstat
1          24465     0       ANNOUNCE_AVAILABILITY         0.01                                      
2          24466     0       WAIT_SEMAPHORE                4.42                                      
3          24467     0       WAIT_SEMAPHORE                4.35                                      
4          24468     0       WAIT_SEMAPHORE                4.34 
</pre>

</blockquote>
<p>In this example:</p>

<ul>
  <li>the query "sqlrcmd cstat" has been run</li>
  <li>five sqlr-connection processes are running for this SQL Relay instance</li>
  <li>one sqlr-connection process is busy returning the result set of that command</li>
  <li>another sqlr-connection process is announcing that it is available to accept a client connection</li>
  <li>three other sqlr-connection processes are idle and waiting</li>
</ul>

<p>The columns of the result set are as follows:</p>

<ul>
  <li>INDEX - just a row index</li>
  <li>MINE - contains a * if this sqlr-connection is running the "sqlrcmd cstat" command and null otherwise</li>
  <li>PROCESSID - the OS process id of the sqlr-connection process</li>
  <li>CONNECT - the total number of times a client has connected to this process since it was last started</li>
  <li>STATE - one of the following...</li>
  <ul>
    <li>NOT_AVAILABLE - the current state is not available</li>
    <li>INIT - the process is initializing</li>
    <li>WAIT_FOR_AVAIL_DB - the process is waiting for the backend database to become available</li>
    <li>WAIT_CLIENT - the process is waiting for a client to connect</li>
    <li>SESSION_START - the client session is in the process of starting</li>
    <li>GET_COMMAND - the process is waiting for the client to send it a command</li>
    <li>PROCESS_SQL - a query has been run and the process is waiting for the result set</li>
    <li>PROCESS_SQLCMD - a sqlcmd has been run and the process is building the result set</li>
    <li>RETURN_RESULT_SET - a query or sqlcmd has been run and the process is returning the result set</li>
    <li>END_SESSION - the client session is in the process of ending</li>
    <li>ANNOUNCE_AVAILABILITY - the process is announcing that it is ready to accept a client</li>
    <li>WAIT_SEMAPHORE - the process is idle and waiting for the opportunity to announce that it is ready</li>
  </ul>

  <li>STATE_TIME - the number of seconds that the process has been in the current state</li>
  <li>CLIENT_ADDR - the IP address of the client, or "UNIX" if the client is connecte via a unix socket</li>
  <li>CLIENT_INFO - an identifying "client info" string that some SQL Relay API's allow the client to set</li>
  <li>SQL_TEXT - the query or command that is currently running</li>
</ul>

<br/><br/><a name="sqlrcmdgstat"/><h2>sqlrcmdgstat</h2>

<p>The sqlrcmdgstat module returns global statistics about this instance of SQL Relay when the query "sqlrcmd gstat" is run.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;queries&gt;</font></b>
			<b><font color="#0000FF">&lt;query</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"sqlrcmdgstat"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/queries&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>An example session follows:</p>

<blockquote>
  <pre>sqlrsh - Version 1.7.0
	Connected to: localhost:9000 as test

	type help; for help.

0> sqlrcmd gstat;
KEY                    VALUE               
===========================================
start                  2019/10/27 23:06:16 
uptime                 930                 
now                    2019/10/27 23:21:46 
access_count           8                   
query_total            43                  
qpm                    2                   
qpm_1                  4                   
qpm_5                  1                   
qpm_15                 2                   
select_1               0                   
select_5               0                   
select_15              0                   
insert_1               0                   
insert_5               0                   
insert_15              0                   
update_1               0                   
update_5               0                   
update_15              0                   
delete_1               0                   
delete_5               0                   
delete_15              0                   
etc_1                  4                   
etc_5                  1                   
etc_15                 2                   
sqlrcmd_1              0                   
sqlrcmd_5              0                   
sqlrcmd_15             0                   
max_listener           1000                
max_listener_error     0                   
busy_listener          1                   
peak_listener          1                   
connection             5                   
session                1                   
peak_session           1                   
peak_session_1min      1                   
peak_session_1min_time 2019/10/27 23:21:46 
sqlr_version           1.7.0               
rudiments_version      1.2.1               
module_compiled        Oct 24 2019 22:20:05

	Rows Returned   : 39
	Fields Returned : 78
	Elapsed Time    : 0.018508 sec
</pre>

</blockquote>
<p>The result set is a set of key-value pairs, as follows:</p>

<ul>
  <li>start - the date/time that the instance was started</li>
  <li>uptime - the number of seconds that the instance has been running</li>
  <li>now - the current date/time</li>
  <li>access_count - the number of times a client has connected to the instance</li>
  <li>query_total - the total number of queries that have been run, intance-wide</li>
  <li>qpm - queries-per-minute, averaged over total instance uptime</li>
  <li>qpm_1 - queries-per-minute, for the previous minute</li>
  <li>qpm_5 - queries-per-minute, averaged over the previous 5 minutes</li>
  <li>qpm_15 - queries-per-minute, averaged over the previous 15 minutes</li>
  <li>select_1 - selects-per-minute, averaged over total instance uptime</li>
  <li>select_5 - selects-per-minute, averaged over the previous 5 minutes</li>
  <li>seelct_15 - selects-per-minute, averaged over the previous 15 minutes</li>
  <li>insert_1 - inserts-per-minute, averaged over the total instance uptime</li>
  <li>insert_5 - inserts-per-minute, averaged over the previous 5 minutes</li>
  <li>insert_15 - inserts-per-minute, averaged over the previous 15 minutes</li>
  <li>update_1 - updates-per-minute, averaged over the total instance uptime</li>
  <li>update_5 - updates-per-minute, averaged over the previous 5 minutes</li>
  <li>update_15 - updates-per-minute, averaged over the previous 15 minutes</li>
  <li>delete_1 - deletes-per-minute, averaged over the total instance uptime</li>
  <li>delete_5 - deletes-per-minute, averaged over the previous 5 minutes</li>
  <li>delete_15 - deletes-per-minute, averaged over the previous 15 minutes</li>
  <li>etc_1 - other queries-per-minute, averaged over the total instance uptime</li>
  <li>etc_5 - other queries-per-minute, averaged over the previous 5 minutes</li>
  <li>etc_15 - other queries-per-minute, averaged over the previous 15 minutes</li>
  <li>sqlrcmd_1 - sqlrcmds-per-minute, averaged over the total instance uptime</li>
  <li>sqlrcmd_5 - sqlrcmds-per-minute, averaged over the previous 5 minutes</li>
  <li>sqlrcmd_15 - sqlrcmds-per-minute, averaged over the previous 15 minutes</li>
  <li>max_listener - value of the maxlisteners attribute of the instance tag for this instance (configured or default)</li>
  <li>max_listener_error - the number of times that the maximum number of sqlr-listener threads were running and another client attempted to connect since the instance was started</li>
  <li>busy_listener - the current number of sqlr-listener threads that are busy waiting for an available sqlr-connection to hand off a client to since the instance was started</li>
  <li>peak_listener - the peak number of sqlr-listener threads that were running at the same time since the instance was started</li>
  <li>connection - number of sqlr-connection processes currently running</li>
  <li>session - number of currently active client sessions</li>
  <li>peak_session - peak number of client sessions since the instance was started</li>
  <li>peak_session_1min - peak number of client sessions in the previous minute</li>
  <li>peak_session_1min_time - the time that the peak_session_1min value was calculated</li>
  <li>sqlr_version - the version number of the SQL Relay server</li>
  <li>rudiments_version - the version number of the Rudiments library that the SQL Relay server is using</li>
  <li>module_compiled - the date/time that the SQL Relay server was compiled</li>
</ul>

<hr/>

<br/><a name="triggers"/><h1>Triggers</h1>

<p>Triggers enable SQL Relay to execute arbitrary code either before, or after a query is run.  They are similar to a database trigger, but they run inside of SQL Relay, rather than inside of the database.   As such, they are not limited to databaes operations.  They can run queries, make library or system calls, run shell commands, and anything else that an os-level application can do.</p>

<p>Triggers are implemented by loadable modules.  The <i>triggers</i> section of the configuration file indicates which modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		<b><font color="#0000FF">&lt;triggers&gt;</font></b>
			<b><font color="#0000FF">&lt;trigger</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"replay"</font> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"after"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;condition</font></b> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"1213"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"transaction"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;condition</font></b> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"1205"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"query"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/trigger&gt;</font></b>
		<b><font color="#0000FF">&lt;/triggers&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All trigger modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>All trigger modules also have a <i>when</i> attribute which can be set to "before", "after", or "both", indicating whether to run the trigger before the query is executed, after the query has been executed, or both.</p>

<p>Trigger modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server creates instances of the specified trigger modules and initializes them.  When a query is run, the server passes the query to each module, in the order that they were specified in the config file.  Each module may evaluate the query and decide whether to run something or not.</p>

<p>Currently, the following trigger modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>replay</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="replay"/><h2>replay</h2>

<p>The replay module enables replay of the previous query, or of the entire transaction, when given conditions occur.</p>

<p>This enables automatic recovery in the event of a deadlock and/or lock wait timeout.  It's possible that the module could be used for other purposes, but it's targeted for this use.</p>

<p>An example configuration:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		<b><font color="#0000FF">&lt;triggers&gt;</font></b>
			<b><font color="#0000FF">&lt;trigger</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"replay"</font> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"after"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;condition</font></b> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"1213"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"transaction"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;condition</font></b> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"1205"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"query"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/trigger&gt;</font></b>
		<b><font color="#0000FF">&lt;/triggers&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example...</p>

<p>The trigger is configured to run after the query has been executed.  This is the only valid configuration for the replay trigger.  If when="before" or when="both" is set then the trigger will be ignored.</p>

<p>If an error code 1213 occurs (a MySQL deadlock), then the entire transaction is replayed.  If an error code 1205 occurs (a MySQL lock wait timeout), then the previous query is replayed.</p>

<p>Note that the normalize translation is also configured.  This helps the trigger parse and rewrite queries more accurately.  See the section on Auto-Increment Columns below for details.</p>

<p>Deadlocks aren't completely preventable, but if you know which queries caused the deadlock, then you can usually modify them (or the app) to mitigate the problem.  The replay module allows you to specify a query to run and a location to log the output of the query to, for each condition.  For example:</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	...
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> ... <b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;translations&gt;</font></b>
			<b><font color="#0000FF">&lt;translation</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"normalize"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/translations&gt;</font></b>
		<b><font color="#0000FF">&lt;triggers&gt;</font></b>
			<b><font color="#0000FF">&lt;trigger</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"replay"</font> <font color="#009900">when</font><font color="#990000">=</font><font color="#FF0000">"after"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;condition</font></b> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"1213"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"transaction"</font><b><font color="#0000FF">&gt;</font></b>
					<b><font color="#0000FF">&lt;log&gt;</font></b>
						<b><font color="#0000FF">&lt;query</font></b> <font color="#009900">file</font><font color="#990000">=</font><font color="#FF0000">"/tmp/example-deadlocks.log"</font><b><font color="#0000FF">&gt;</font></b>
						show engine innodb status
						<b><font color="#0000FF">&lt;/query&gt;</font></b>
					<b><font color="#0000FF">&lt;/log&gt;</font></b>
				<b><font color="#0000FF">&lt;/condition&gt;</font></b>
				<b><font color="#0000FF">&lt;condition</font></b> <font color="#009900">error</font><font color="#990000">=</font><font color="#FF0000">"1205"</font> <font color="#009900">scope</font><font color="#990000">=</font><font color="#FF0000">"query"</font><b><font color="#0000FF">/&gt;</font></b>
			<b><font color="#0000FF">&lt;/trigger&gt;</font></b>
		<b><font color="#0000FF">&lt;/triggers&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
	...
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example...</p>

<p>If an error code 1213 occurs (a MySQL deadlock), then the query "show engine innodb status" is executed, and the results logged to /tmp/example-deadlocks.log  Then, the entire transaction is replayed.</p>

<p>If an error code 1205 occurs (a MySQL lock wait timeout), then the previous query is replayed, but no logging occurs.</p>

<p>In this configuration, the module enables automatic recovery from deadlocks and lock wait timeouts, and the log allows a developer to go back later, examine the queries that caused the deadlocks, and modify them (or the app) to mitigate the problem.</p>

<p>In addition to the <b>module</b> and <b>when</b> attributes, the <b>trigger</b> tag also supports the following attributes:</p>

<ul>
  <li><b>includeselects</b></li>
  <ul>
    <li>If set to "no" (the default) - select queries are not logged or replayed</li>
    <li>If set to "yes" - select queries are logged and replayed</li>
    <li>Use care when disabling this, as the query log will be larger and replay operations can take much longer.</li>
  </ul>

  <li><b>maxretries</b></li>
  <ul>
    <li>It's possible to encounter another replay condition while replaying a query or transaction.  If this happens, the module retries.  This attribute limits the total number of retries.  If it is exceeded, then whatever error occurred on the last retry is returned to the application.</li>
  </ul>

</ul>

<p>The <b>condition</b> tag supports the following attributes:</p>

<ul>
  <li><b>error</b></li>
  <ul>
    <li>if numeric: the condition is true if the error code matches</li>
    <li>if string: the condition is true if the error string contains the string</li>
  </ul>

  <li><b>scope</b></li>
  <ul>
    <li>transaction - replay the entire transaction if this condition occurs</li>
    <li>transaction - replay the previous query if this condition occurs</li>
  </ul>

</ul>

<p>The <b>log</b> tag doesn't support any attributes.</p>

<p>The <b>query</b> tag contains the query to be run, and supports the following attributes:</p>

<ul>
  <li><b>log</b></li>
  <ul>
    <li>the name of the file to log the output of the query to</li>
    <li>each log entry consists of a divider, timestamp, and result set</li>
  </ul>

</ul>

<p>Sample (partial) log entries follow:</p>

<blockquote>
  <pre>===============================================================================
05/15/2019 15:59:40 EDT

Type : InnoDB
Name : 
Status : 

=====================================
2019-05-15 15:59:40 7f2dcb118b00 INNODB MONITOR OUTPUT
=====================================
Per second averages calculated from the last 9 seconds
-----------------
BACKGROUND THREAD
-----------------
srv_master_thread loops: 2625 srv_active, 0 srv_shutdown, 100871 srv_idle
srv_master_thread log flush and writes: 103455
... more lines ...
Spin rounds per wait: 1.97 mutex, 5.00 RW-shared, 3.26 RW-excl
------------------------
LATEST DETECTED DEADLOCK
------------------------
2019-05-15 15:59:40 7f2dcce8bb00
*** (1) TRANSACTION:
TRANSACTION 1449294, ACTIVE 8 sec inserting
mysql tables in use 1, locked 1
LOCK WAIT 38 lock struct(s), heap size 6544, 34 row lock(s), undo log entries 22 MySQL thread id 2400, OS thread handle 0x7f2dcb118b00, query id 339194 localhost testuser update
------------------------
LATEST DETECTED DEADLOCK
------------------------
2019-05-15 15:59:40 7f2dcce8bb00
*** (1) TRANSACTION:
TRANSACTION 1449294, ACTIVE 8 sec inserting
mysql tables in use 1, locked 1
LOCK WAIT 38 lock struct(s), heap size 6544, 34 row lock(s), undo log entries 22 MySQL thread id 2400, OS thread handle 0x7f2dcb118b00, query id 339194 localhost testuser update
insert into testtable (col1,col2,col3) values (null,0,2013183)
*** (1) WAITING FOR THIS LOCK TO BE GRANTED:
RECORD LOCKS space id 9786 page no 6352 n bits 696 index `col1` of table `testdb`.`testtable` trx table locks 13 total table locks 6 trx id 1449294 lock_mode X locks gap before rec insert intention waiting lock hold time 1 wait time before grant 0 
*** (2) TRANSACTION:
TRANSACTION 1449304, ACTIVE 7 sec fetching rows
mysql tables in use 25, locked 25
18296 lock struct(s), heap size 2143784, 1437389 row lock(s)
MySQL thread id 2361, OS thread handle 0x7f2dcce8bb00, query id 334173 localhost testuser Copying to tmp table on disk
update testtable1,testtable2,testtable3 ... some long where clause ... some long set clause ...
*** (2) HOLDS THE LOCK(S):
RECORD LOCKS space id 9786 page no 6352 n bits 592 index `col1` of table `testdb`.`testtable` trx table locks 4 total table locks 6 trx id 1449304 lock mode S lock hold time 7 wait time before grant 0 
*** (2) WAITING FOR THIS LOCK TO BE GRANTED:
RECORD LOCKS space id 9786 page no 6327 n bits 368 index `GEN_CLUST_INDEX` of table `testdb`.`testtable` trx table locks 4 total table locks 6 trx id 1449304 lock mode S waiting lock hold time 0 wait time before grant 0 
*** WE ROLL BACK TRANSACTION (1)
------------
TRANSACTIONS
------------
... more lines ...


===============================================================================
05/15/2019 17:21:33 EDT

Type : InnoDB
Name : 
Status : 
... more lines ...
</pre>

</blockquote>
<p>From this log entry, we can see that insert and update queries encountered a gap-locking deadlock.</p>

<p>Currently, each condition tag may contain only one log tag, and each log tag may contain only one query tag.  This restriction may be relaxed in a future release.</p>

<p>If the log file doesn't already exist, the it is created with rw-r--r-- permissions, and will be owned by the user/group that SQL Relay is running as.  There aren't, currently, attributes to control permissions or ownership.</p>

<h3>Considerations</h3>

<p>There are some considerations that are important to take into account when using the replay module.</p>

<h4>Deadlock Response</h4>

<p>MySQL/MariaDB respond to a deadlock at the transaction level.  When a deadlock occurs, they roll back all of the queries in the current transaction, and all of these queries must be reexecuted in order to recover.  So, when using the replay module with MySQL/MariaDB and databases which respond similarly, use scope="transaction" in your conditions.</p>

<p>Oracle responds to a deadlock at the query level.  When a deadlock occurs, it rolls back the query that deadlocked, and only that query must be reexecuted in order to recover.  So, when using the replay module with Oracle and databases which respond similarly, use scope="query" in your conditions.</p>

<p>The replay module has been used extensively with MySQL/MariaDB, but not with other databases.  It should work, but there might be unforseen issues.  For example, the scope="transaction" behavior is modeled after the specific way that MySQL/MariaDB respond to a deadlock.  When a deadlock occurs, they roll back all of the queries in the current transaction.  However, you are still in the same transaction, it's just as if none of the queries had been run.  As such, when replaying a transaction, the module just re-executes the queries that it logged - it doesn't execute a rollback, or begin a new transaction first.  This may not be correct for all databases which handle deadlocks at the transaction level.</p>

<h4>Memory Usage</h4>

<p>Queries are, currently, just logged to memory.  If your application runs large queries, and/or has long running transactions, then excess memory consumption could become an issue.  The default behavior of not logging or replaying select queries helps, so use caution when disabling that option.</p>

<h4>Retries</h4>

<p>If, while replaying a query, or transaction, another replay condition is encountered, then the module will retry until the replay succeeds, or until maxretries is reached.</p>

<p>To avoid hammering the system, the module delays between retries.  The delay is initially 10 milliseconds.  This doubles with each retry until the delay reaches 1 second.  Then that doubles until it reaches 10 seconds.  From then on, the delay between retries is 10 seconds.  This algorithm isn't currently configurable.  It also isn't backed by any particular science.  It just seems to work reasonably well.</p>

<h4>Auto-Increment Columns</h4>

<p>Auto-increment column values survive rollbacks.  If an insert into a table with an auto-increment column generates the value 300, and that query is rolled back then the row will be removed.  But, if the insert is run again, then it will generate the value 301 instead of 300.</p>

<p>To handle this, the replay module parses and rewrites insert queries to contain the last-insert-id's that they generated and logs the rewritten query instead of the original.  Thus, when replayed, the query won't generate a value, but rather will re-use the value that it generated the first time.</p>

<p>There are some limitations to this.</p>

<ul>
  <li>Multi-row inserts are supported unless they generate auto-increment column values.  These are impossible to support, as post-insert, the last-insert-id only returns the very last value that was generated.  It's not possible to collect the others.</li>
  <li>Insert-Select queries (eg. insert into onetable select from anothertable) and Select-Into queries (eg. select * from onetable into anothertable) are similarly not supported.</li>
</ul>

<p>If any of those are detected, then the query log is cleared and the module is disabled until the beginning of the next transaction.  If a replay condition occurs, then the error is just returned as it would have been if the module were not in use.</p>

<p>The module also has to do a bit of work to determine whether the insert contains an auto-increment column, including query the database for the last-insert-id, and potentially column info.  Column info is cached, but the cache isn't shared across sqlr-connection processes, and is (currently) cleared at the end of each transaction.  So, the module should be used with caution in performance-sensitive applications.</p>

<hr/>

<br/><a name="logging"/><h1>Logging</h1>

<p>Logging enables the SQL Relay server programs to log various bits of information as they run.</p>

<p>Logging is implemented by loadable modules.  The <i>loggers</i> section of the configuration file indicates which modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;loggers&gt;</font></b>
			<b><font color="#0000FF">&lt;logger</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"debug"</font> <font color="#009900">listener</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">connection</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/loggers&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>Different modules may have different parameters.  In this example, listener="yes" tells the module to log debug info for the sqlr-listener processes and connection="yes" tells the module to log debug info for the sqlr-connection processes.</p>

<p>All logger modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Logger modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<p>At startup, the SQL Relay server processes create instances of the specified logger modules and initialize them.  As events occur, the server passes the event, log level, and optionally, a string of information about the event to each module, in the order that they were specified in the config file.  If a module is listening for that event, at that log level, then it logs information about the event to a log file.</p>

<p>Currently, the following logger modules are available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>debug</b></li>
  <li><b>slowqueries</b></li>
  <li><b>stalecursors</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="debug"/><h3>debug</h3>

<p>The <b>debug</b> module logs a great deal of information to about the internal operation of the SQL Relay server to log files in the "debug directory", usually /usr/local/firstworks/var/log/sqlrelay/debug or /usr/local/firstworks/var/sqlrelay/debug.  It creates files named sqlr-listener."pid" and sqlr-connection."pid" where "pid" is replaced with the process id of the process that is being logged.  As new processes are forked, new files are created with debug information about those processes.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;loggers&gt;</font></b>
			<b><font color="#0000FF">&lt;logger</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"debug"</font> <font color="#009900">listener</font><font color="#990000">=</font><font color="#FF0000">"yes"</font> <font color="#009900">connection</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/loggers&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>This module takes three attributes: <b>listener</b>, <b>connection</b> and <b>perms</b>.  The <b>listener</b> attribute may be set to "no" to disable logging of the sqlr-listener processes.  The <b>connection</b> attribute may be set to "no" to disable logging of the sqlr-connection processes.  Logging is enabled if either attribute is omitted or set to any other value.  The <b>perms</b> attribute may be set to any ls -l style permissions string.  The default is "rw-------" which translates to read/write for owner only.</p>

<p>The general log format is:</p>

<blockquote>
  <pre>mm/dd/yyyy hh:mm:ss TZ processname [pid] : info
</pre>

</blockquote>
<p>Sample log for main listener process: <a href="sqlr-listener.1869.html">sqlr-listener.1869</a><br/>
Sample log for child listener process: <a href="sqlr-listener.1886.html">sqlr-listener.1886</a><br/>
Sample log for connecton process: <a href="sqlr-connection.1871.html">sqlr-connection.1871</a><br/></p>

<br/><a name="slowqueries"/><h3>slowqueries</h3>

<p>The <b>slowqueries</b> module logs queries that take longer to run than a specified threshold to log files in the "log directory", usually /usr/local/firstworks/var/log/sqlrelay or /usr/local/firstworks/var/sqlrelay/log.  It creates files named sqlr-connection-"id"-querylog."pid" for each sqlr-connection process where "id" is replaced with the id of the instance from the configuration file and "pid" is replaced with the process id.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;loggers&gt;</font></b>
			<b><font color="#0000FF">&lt;logger</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"slowqueries"</font> <font color="#009900">sec</font><font color="#990000">=</font><font color="#FF0000">"10"</font> <font color="#009900">usec</font><font color="#990000">=</font><font color="#FF0000">"0"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/loggers&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>This module takes two attributes: <b>sec</b> and <b>usec</b>.  Queries that take longer than <b>sec</b> seconds and <b>usec</b> microseconds will be logged.  Both attributes default to 0 and omitting them causes all queries to be logged.</p>

<p>The general format is:</p>

<blockquote>
  <pre>Mon 2014 Apr  6 15:58:17 :
select 1 from dual
time: 0.000001
</pre>

</blockquote>
<p>Sample log: <a href="sqlr-connection-oracletest-querylog.2899.html">sqlr-connection-oracletest-querylog.2899</a></p>

<br/><a name="stalecursors"/><h3>stalecursors</h3>

<p>It is not uncommon for a long-running application to open a cursor, and then never close it again.  So-called "cursor leaks" eventually lead to <i>No server-side cursors were available to process the query</i> (or similar) errors, and the root cause can be difficult to track down, especially if a lower-level database abstraction layer does the opening and closing of the cursors.</p>

<p>The <b>stalecursors</b> module logs active cursors, enabling an administrator to see if any cursors have been open for a long time, and if so, what the last query the cursor ran was.</p>

<p>The module works by opening a connection to another instance of SQL Relay (the "log instance"), where it creates a table named "stalecursors" and logs to that table.</p>

<p>In the following example, the "stalecursors" instance (the log instance) provides access to a database where the stale cursors can be logged, and the "example" instance (the app instance) logs cursor activity there.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"stalecursors"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/stalecursors.socket"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font> <font color="#009900">connections</font><font color="#990000">=</font><font color="#FF0000">"5"</font> <font color="#009900">maxconnections</font><font color="#990000">=</font><font color="#FF0000">"10"</font> <font color="#009900">translatebindvariables</font><font color="#990000">=</font><font color="#FF0000">"yes"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=testuser;password=testpassword;db=testdb;host=mysql;foundrows=yes"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"mysql"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;loggers&gt;</font></b>
			<b><font color="#0000FF">&lt;logger</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"stalecursors"</font> <font color="#009900">socket</font><font color="#990000">=</font><font color="#FF0000">"/tmp/stalecursors.socket"</font> <font color="#009900">user</font><font color="#990000">=</font><font color="#FF0000">"stalecursorsuser"</font> <font color="#009900">password</font><font color="#990000">=</font><font color="#FF0000">"stalecursorspassword"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/loggers&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=mysqluser;password=mysqlpassword;db=mysqldb;host=mysqlhost"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>

<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In the log instance, note the following:</p>

<ul>
  <li>It is configured to listen on a unix socket, but not configured to listen on a port.  This is because the app instance is running on the same machine.  This is not a requirement though.  The log instance could be configured to listen on a port as well, and serve app instances running on other machines.</li>
  <li>translatebindvariable="yes" is set.  The queries that the module generates to insert, update, and delete from the stalecursors table use oracle-style (colon-delimited) bind variables.  If the log database is something other than oracle, then the log instance must translate the bind variables.</li>
  <li>connections="5" and maxconnections="10" are set.  By default, SQL Relay opens 5 connections to the database.  The app instance uses this default configuration.  If the log instance also only opens 5 connections, then all 5 will be consumed by the app instance, and it won't be possible to access and examine the log from a client program.  So, we'll allow the log instance to scale up accordingly.</li>
</ul>

<br/><p>The module takes 5 attributes: <b>host</b>, <b>port</b>, <b>socket</b>, <b>user</b>, and <b>password</b>.  These attributes are used to access the other instance of SQL Relay that will be used for logging.</p>

<p>When a cursor is opened, the module adds a new row to the log.  Each time a query is executed, the row is updated.  When the cursor is closed, the module removes the row.</p>

<p>If the cursor is never closed, then the row is never removed, even if the application exits.  The row will also persist across sqlr-starts and sqlr-stops of the app instance and log instances.  As such, it will eventually be necessary to manually clear to the table, or at least manually delete rows from it, analogous to deleting log files.</p>

<p>To view currently active (and possibly stale) cursors, you would access the log instance like:</p>

<blockquote>
  <pre>sqlrsh -socket /tmp/stalecursors.socket -user stalecursorsuser -password stalecursorspassword
</pre>

</blockquote>
<p>And then view the log like:</p>

<blockquote>
  <pre>select * from stalecursors
</pre>

</blockquote>
<p>A typical result set would be something like:</p>

<blockquote>
  <pre>instance connection_id connection_pid cursor_id most_recent_query       most_recent_query_timestamp
===================================================================================================
example  example-0     27155          0         select * from bigtable  2019-10-24 20:34:06        
example  example-0     27158          0         select * from mytable   2019-10-24 20:34:26        
example  example-0     27162          0         select * from yourtable 2019-10-24 20:34:41        
example  example-0     27166          0         select * from thistable 2019-10-24 20:34:53        
example  example-0     27168          0         select * from thattable 2019-10-24 20:35:03        
</pre>

</blockquote>
<p>Multiple app instances may log to the same log instance.  To view cursor activity for a particular instance, just filter on the "instance" column.</p>

<blockquote>
  <pre>select * from stalecursors where instance='example'
</pre>

</blockquote>
<p>Note that each connection of an app instance will consume 1 connection of the log instance, so be sure to configure the log instance to start enough connections to the database.  Eg. if you have 2 app instances, each configured with connections="5", then the log instance should be configured with connections="10" and maxconnections set to something larger than 10 to allow for clients to connect and examine the logs.</p>

<hr/>

<br/><a name="notifications"/><h1>Notifications</h1>

<p>Notifications allow the SQL Relay server programs to notify recipients when a specified set of events occur. </p>

<p>Notifications are implemented by loadable modules.  The <i>notifications</i> section of the configuration file indicates which notification modules to load and what parameters to use when executing them.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;notifications&gt;</font></b>
			<b><font color="#0000FF">&lt;notification</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"events"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;events&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"db_error"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"db_warning"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"filter_violation"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/events&gt;</font></b>
				<b><font color="#0000FF">&lt;recipients&gt;</font></b>
					<b><font color="#0000FF">&lt;recipient</font></b> <font color="#009900">address</font><font color="#990000">=</font><font color="#FF0000">"dev@firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/recipients&gt;</font></b>
			<b><font color="#0000FF">&lt;/notification&gt;</font></b>
		<b><font color="#0000FF">&lt;/notifications&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>The <i>module</i> attribute specifies which module to load.</p>

<p>Module configurations may have attributes and/or nested tags.  How these are interpreted is module-specific.</p>

<p>All notification modules have an <i>enabled</i> attribute, allowing the module to be temporarily disabled.  If enabled="no" is configured, then the module is disabled.  If set to any other value, or omitted, then the module is enabled.</p>

<p>Notification modules can be "stacked".  Multiple different modules may be loaded and multiple instances of the same type of module, with different configurations, may also be loaded.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;notifications&gt;</font></b>
			<b><font color="#0000FF">&lt;notification</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"events"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;events&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"db_error"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"db_warning"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"filter_violation"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/events&gt;</font></b>
				<b><font color="#0000FF">&lt;recipients&gt;</font></b>
					<b><font color="#0000FF">&lt;recipient</font></b> <font color="#009900">address</font><font color="#990000">=</font><font color="#FF0000">"dev@firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/recipients&gt;</font></b>
			<b><font color="#0000FF">&lt;/notification&gt;</font></b>
			<b><font color="#0000FF">&lt;notification</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"events"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;events&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"integrity_violation"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/events&gt;</font></b>
				<b><font color="#0000FF">&lt;recipients&gt;</font></b>
					<b><font color="#0000FF">&lt;recipient</font></b> <font color="#009900">address</font><font color="#990000">=</font><font color="#FF0000">"dba@firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/recipients&gt;</font></b>
			<b><font color="#0000FF">&lt;/notification&gt;</font></b>
		<b><font color="#0000FF">&lt;/notifications&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>At startup, the SQL Relay server processes create instances of the specified notification modules and initializes them.  As events occur, the server passes the event and, optionally, a string of information about the event to each module, in the order that they were specified in the config file.  If a module is listening for that event, then it sends a notification to the specified recpients.</p>

<p>Currently, the following notification module is available in the standard SQL Relay distribution:</p>

<ul>
  <li><b>events</b></li>
</ul>

<p>Custom modules may also be developed.  For more information, please contact <a href="mailto:dev@firstworks.com">dev@firstworks.com</a>. <a target="_blank" href="http://sqlrelay.sourceforge.net/images/us.png"><img src="http://sqlrelay.sourceforge.net/images/us.png"/></a> <a target="_blank" href="http://sqlrelay.sourceforge.net/images/br.png"><img src="http://sqlrelay.sourceforge.net/images/br.png"/></a></p>

<br/><a name="events"/><h3>events</h3>

<p>The <b>events</b> module listens for a specified set of events and notifies recipients when a one occurs.</p>

<p>An example configuration follows.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> ...<b><font color="#0000FF">&gt;</font></b>
		...
		<b><font color="#0000FF">&lt;notifications&gt;</font></b>
			<b><font color="#0000FF">&lt;notification</font></b> <font color="#009900">module</font><font color="#990000">=</font><font color="#FF0000">"events"</font><b><font color="#0000FF">&gt;</font></b>
				<b><font color="#0000FF">&lt;events&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"db_error"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"db_warning"</font><b><font color="#0000FF">/&gt;</font></b>
					<b><font color="#0000FF">&lt;event</font></b> <font color="#009900">event</font><font color="#990000">=</font><font color="#FF0000">"filter_violation"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/events&gt;</font></b>
				<b><font color="#0000FF">&lt;recipients&gt;</font></b>
					<b><font color="#0000FF">&lt;recipient</font></b> <font color="#009900">address</font><font color="#990000">=</font><font color="#FF0000">"dev@firstworks.com"</font><b><font color="#0000FF">/&gt;</font></b>
				<b><font color="#0000FF">&lt;/recipients&gt;</font></b>
			<b><font color="#0000FF">&lt;/notification&gt;</font></b>
		<b><font color="#0000FF">&lt;/notifications&gt;</font></b>
		...
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>In this example, the module sends notifications to <b>dev@firstworks.com</b> when one of the <b>db_error</b>, <b>db_warning</b>, or <b>filter_violation</b> events occurs.</p>

<p>The <b>events</b> tag defines the set of events to listen for.  Valid events are:</p>

<ul>
  <li><b>client_connected</b> - An SQL Relay client connected to the SQL Relay server.</li>
  <li><b>client_connection_refused</b> - An SQL Relay client attempted to connect to the SQL Relay server but the server refused the connection, usually because authentication failed.</li>
  <li><b>client_disconnected</b> - An SQL Relay client disconnected from the SQL Relay server.</li>
  <li><b>client_protocol_error</b> - The SQL Relay server didn't understand something that the SQL Relay client sent to it.</li>
  <li><b>db_login</b> - The SQL Relay server opened a connection to the database.</li>
  <li><b>db_logout</b> - The SQL Relay server closed a connection to the database.</li>
  <li><b>db_error</b> - A query generated an error.</li>
  <li><b>db_warning</b> - A query generated a warning.</li>
  <li><b>query</b> - A query was executed.</li>
  <li><b>filter_violation</b> - A <a href="#filtering">query filter module</a> prevented a query from being executed.</li>
  <li><b>internal_error</b> - An internal error occurred.</li>
  <li><b>internal_warning</b> - An internal warning occurred.</li>
  <li><b>debug_message</b> - A debug message was generated.</li>
  <li><b>schedule_violation</b> - A <a href="#schedules">connection schedule module</a> prevented a user from logging in to the SQL Relay server.</li>
  <li><b>integrity_violation</b> - A <a href="#queryrouting">query routing module</a> is in use and a transaction control query (begin, commit, rollback, autocommit on, or autocommit off) succeeded on some of the backends but failed on others.</li>
</ul>

<p>Any number of events may be specified.  Each event must be specified in its own <b>event</b> tag.  The event tag supports the following attributes:</p>

<ul>
  <li><b>event</b> - Required.  The event to listen for.</li>
  <li><b>pattern</b> - Optional.  Only valid when event="query".  A regular expression limiting the set of queries that the notification will be sent for.  If set, then the notification will only be sent if the query matches the pattern.  If omitted, then the notification will be sent for all queries.</li>
</ul>

<p>Any number of recipients may also be specified.  Each recipient must be specified in its own <b>recipient</b> tag.  The recipient tag supports the following attributes:</p>

<ul>
  <li><b>address</b> - Required.  The address to send the notification message to.</li>
  <li><b>subject</b> - Optional.  The subject of the notification message.</li>
  <li><b>template</b> - Optional.  The filename of the template to use for the notification message.</li>
</ul>

<p>Currently, notifications may only be sent via email.</p>

<p>If the <b>subject</b> attribute is not provided, then SQL Relay uses a default subject of:</p>

<blockquote>
SQL Relay Notification: @event@
</blockquote>
<p>Where @event@ is replaced with the event that triggered the notification.</p>

<p>If the <b>template</b> attribute is not provided, then SQL Relay uses a default template of:</p>

<blockquote>
  <pre>SQL Relay Notification:

Event          : @event@
Event Info     : @eventinfo@
Date           : @datetime@
Host Name      : @hostname@
Instance       : @instance@
Process Id     : @pid@
Client Address : @clientaddr@
Client Info    : @clientinfo@
User           : @user@
Query          :
@query@
</pre>

</blockquote>
<p>In both subject lines and template files, the following substitutions can be made:</p>

<ul>
  <li><b>@event@</b> - The event that triggered the notification.</li>
  <li><b>@eventinfo@</b> - The text (if any) that accompanied the event.</li>
  <li><b>@datetime@</b> - The date/time that the event occurred.</li>
  <li><b>@hostname@</b> - The host name of the server hosting the SQL Relay instance that generated the event.</li>
  <li><b>@instance@</b> - The instance name of the SQL Relay instance that generated the event.</li>
  <li><b>@pid@</b> - The process id of the SQL Relay instance that generated the event.</li>
  <li><b>@clientaddr@</b> - The client address (if any) of the SQL Relay client that was connected when the event occurred.</li>
  <li><b>@clientinfo@</b> - The client info (if any) of the SQL Relay client that was connected when the event occurred.</li>
  <li><b>@user@</b> - The SQL Relay user (if any) that was logged in to the SQL Relay instance that generated the event.</li>
  <li><b>@query@</b> - The query (if any) that was running when the event occurred.</li>
</ul>

<p>On linux/unix systems, the <i>mail</i> program is used to send notifications.  Messages are sent using the following command:</p>

<blockquote>
mail -s <i>subject</i> <i>address</i> < <i>message</i>
</blockquote>
<p>Where <i>subject</i> is replaced with the subject, <i>address</i> is replaced with the recipient and <i>messagee</i> is replaced with the name of the temporary file that is used to store the message.</p>

<p>SQL Relay assumes that the <i>mail</i> program is installed, in the PATH of the user that SQL Relay runs as, and that mail delivery is configured on the host system.</p>

<p>On Windows systems the <i>blat</i> program is used to send notifications.  Messages are sent using the following command:</p>

<blockquote>
blat <i>message</i> -to <i>address</i> -subject <i>subject</i> -q
</blockquote>
<p>Where <i>subject</i> is replaced with the subject, <i>address</i> is replaced with the recipient and <i>message</i> is replaced with the name of the temporary file that is used to store the message.</p>

<p>SQL Relay assumes that the <i>blat</i> program is installed, in the PATH of the user that SQL Relay runs as, and that blat has been configured.  See <a target="_blank" href="http://www.blat.net">http://www.blat.net</a> to download and configure blat.</p>

<hr/>

<br/><a name="sessionqueries"/><h1>Session-Queries</h1>

<p>SQL Relay can be configured to run a set of queries at the beginning and end of each client session.</p>

<p>By far the most common use for this feature is that some database parameter needs to be reconfigured but you don't have permission or bouncing the database is out of the question, or something like that.  For example, lets say you are using an Oracle database, but your app requires dates to be formatted like MM/DD/YYYY instead of DD-MON-YYYY.  Ideally you'd alter the nls_date_format in the instance but you can't, for some reason.</p>

<p>You can use SQL Relay's session queries to work around the problem.</p>

<p>In the following example, the date format is set to MM/DD/YYYY at the beginning of the session and then reset back to DD-MON-YYYY at the end.</p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"example"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;session&gt;</font></b>
			<b><font color="#0000FF">&lt;start&gt;</font></b>
				<b><font color="#0000FF">&lt;runquery&gt;</font></b>alter session set nls_date_format='MM/DD/YYYY'<b><font color="#0000FF">&lt;/runquery&gt;</font></b>
			<b><font color="#0000FF">&lt;/start&gt;</font></b>
			<b><font color="#0000FF">&lt;end&gt;</font></b>
				<b><font color="#0000FF">&lt;runquery&gt;</font></b>alter session set nls_date_format='DD-MON-YYYY'<b><font color="#0000FF">&lt;/runquery&gt;</font></b>
			<b><font color="#0000FF">&lt;/end&gt;</font></b>
		<b><font color="#0000FF">&lt;/session&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p>Actually, in this example, there's no need to set the date format back to DD-MON-YYYY but it's done here for illustrative purposes.</p>

<hr/>

<br/><a name="altconfigfile"/><h1>Alternative Configuration File Options</h1>

<a name="directory"/><h2>Configuration Directory</h2>

<p>While any number of SQL Relay instances can be defined in a single configuration file, it might be more convenient to split configurations up into multiple files located in a configuration directory.</p>

<p>The default SQL Relay configuration directory depends on the platform and on how you installed SQL Relay.</p>

<ul>
  <li>Unix and Linux</li>
  <ul>
    <li>Built from source - <b>/usr/local/firstworks/etc/sqlrelay.conf.d</b> (unless you specified a non-standard --prefix or --sysconfdir during the build)</li>
    <li>RPM package - <b>/etc/sqlrelay.conf.d</b></li>
    <li>FreeBSD package - <b>/usr/local/etc/sqlrelay.conf.d</b></li>
    <li>NetBSD package - <b>/usr/pkg/etc/sqlrelay.conf.d</b></li>
    <li>OpenBSD package - <b>/usr/local/etc/sqlrelay.conf.d</b></li>
  </ul>

  <li>Windows</li>
  <ul>
    <li>Built from source - <b>C:\Program Files\Firstworks\etc\sqlrelay.conf.d</b></li>
    <li>Windows Installer package - <b>C:\Program Files\Firstworks\etc\sqlrelay.conf.d</b> (unless you specified a non-standard installation folder)</li>
  </ul>

</ul>

<p>Additional configuration files may be created under this directory.  These files must follow the same format as the main configuration file.</p>

<p>For example, if you wanted to split up oracle, sap and db2 configurations into 3 separate files, you could create:</p>

<p><b>sqlrelay.conf.d/oracle.conf</b></p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"oracleexample"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9000"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"user=scott;password=tiger;oracle_sid=orcl"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p><b>sqlrelay.conf.d/sap.conf</b></p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"sapexample"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"sap"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9001"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"sybase=/opt/sap;lang=en_US;server=SAPSERVER;user=sapuser;password=sappassword;db=sapdb"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<p><b>sqlrelay.conf.d/db2.conf</b></p>

<blockquote>
<!-- Generator: GNU source-highlight 3.1.9
by Lorenzo Bettini
http://www.lorenzobettini.it
http://www.gnu.org/software/src-highlite -->
<pre><tt><b><font color="#000080">&lt;?xml</font></b> <font color="#009900">version</font><font color="#990000">=</font><font color="#FF0000">"1.0"</font><b><font color="#000080">?&gt;</font></b>
<b><font color="#0000FF">&lt;instances&gt;</font></b>
	<b><font color="#0000FF">&lt;instance</font></b> <font color="#009900">id</font><font color="#990000">=</font><font color="#FF0000">"db2example"</font> <font color="#009900">dbase</font><font color="#990000">=</font><font color="#FF0000">"db2"</font><b><font color="#0000FF">&gt;</font></b>
		<b><font color="#0000FF">&lt;listeners&gt;</font></b>
			<b><font color="#0000FF">&lt;listener</font></b> <font color="#009900">port</font><font color="#990000">=</font><font color="#FF0000">"9002"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/listeners&gt;</font></b>
		<b><font color="#0000FF">&lt;connections&gt;</font></b>
                        <b><font color="#0000FF">&lt;connection</font></b> <font color="#009900">string</font><font color="#990000">=</font><font color="#FF0000">"db=exampledb;user=db2inst1;password=db2inst1pass;lang=C;connecttimeout=0"</font><b><font color="#0000FF">/&gt;</font></b>
		<b><font color="#0000FF">&lt;/connections&gt;</font></b>
	<b><font color="#0000FF">&lt;/instance&gt;</font></b>
<b><font color="#0000FF">&lt;/instances&gt;</font></b>
</tt></pre>

</blockquote>
<br/><br/><a name="specifying"/><h2>Specifying Configuration Files</h2>

<p>It is also possible to specify a particular configuration file or directory by passing the sqlr-start program a -config option.</p>

<p>For example:</p>

<blockquote>
  <pre>sqlr-start -id oracleexample -config /home/myuser/sqlrelay.conf
sqlr-start -id oracleexample -config file:///home/myuser/sqlrelay.conf
sqlr-start -id oracleexample -config dir:///home/myuser/sqlrelay.conf.d
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>(the file:// prefix is optional when specifying a file, but the dir:// prefix must be included when specifying a directory)</p>

<p>The -config option may also be used to specify a comma-separated list of files or directories.</p>

<p>For example:</p>

<blockquote>
  <pre>sqlr-start -id oracleexample -config /home/myuser/sqlrelay-1.conf,/home/myuser/sqlrelay-2.conf
sqlr-start -id oracleexample -config /home/myuser/sqlrelay-1.conf,/home/myuser/sqlrelay-2.conf,dir:///home/myuser/sqlrelay.conf.d
sqlr-start -id oracleexample -config /home/myuser/sqlrelay-1.conf,/home/myuser/sqlrelay-2.conf,dir:///home/myuser/sqlrelay-1.conf.d,dir:///home/myuser/sqlrelay-2.conf.d
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
</blockquote>
<p>Files and directories are processed in the order that they are specified.</p>

<br/><a name="remote"/><h2>Remote Configuration Files</h2>

<p>In addition to local configuration files, the -config option may also be used to specify configuration files located on a remote host, accessible via http.</p>

<p>Actually, if the Rudiments library upon which SQL Relay depends was compiled with support for libcurl, then configuration files may also be remotely accessible over other protocols supported by libcurl, such as https, ftp, scp, sftp, smb, etc.</p>

<p>For example:</p>

<blockquote>
  <pre>sqlr-start -id oracleexample -config http://configserver.mydomain.com/sqlrconfig/sqlrelay.conf
sqlr-start -id oracleexample -config http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/sqlrelay.conf
sqlr-start -id oracleexample -config http://[/usr/local/firstworks/etc/sqlruserpwd.txt]@configserver.mydomain.com/sqlrconfig/sqlrelay.conf

sqlr-start -id oracleexample -config https://configserver.mydomain.com/sqlrconfig/sqlrelay.conf
sqlr-start -id oracleexample -config https://myuser:mypassword@configserver.mydomain.com/sqlrconfig/sqlrelay.conf
sqlr-start -id oracleexample -config https://[/usr/local/firstworks/etc/sqlruserpwd.txt]@configserver.mydomain.com/sqlrconfig/sqlrelay.conf

sqlr-start -id oracleexample -config scp://myuser:mypassword@configserver.mydomain.com/usr/local/firstworks/etc/sqlrelay.conf
sqlr-start -id oracleexample -config scp://[/usr/local/firstworks/etc/sqlruserpwd.txt]@configserver.mydomain.com/usr/local/firstworks/etc/sqlrelay.conf
</pre>

</blockquote>
<blockquote>
( <b>NOTE:</b> When installed from RPM packages, SQL Relay may have to be started and stopped as root.)
<br/><br/>
( <b>NOTE:</b> The https and scp examples only work if Rudiments was compiled with support for libcurl.)
</blockquote>
<p>In some of the examples above, a user and password are given in the url, separated by a colon, prior to the @ sign.  In other examples, in place of a literal user and password, a user-password file is specified in square brackets.  If a user-password file is used, then the file should contain a single line, consisting of colon-separated user and password.</p>

<p>For example:</p>

<blockquote>
  <pre>myuser:mypassword
</pre>

</blockquote>
<p>Password protection is recommended for remotely accessible configuration files as they may contain users and passwords for accessing the database and SQL Relay itself.</p>

<p>Using user-password files is recommended over passing literal users and passwords.  The files can be protected with file permissions, they prevent the user and password from being stored in the script that starts SQL Relay, and they prevent the user and password from being displayed in a process listing.</p>

<br/><a name="linkfiles"/><h2>Link Files</h2>

<p>So far, the example configuration files have all been XML files, containing configurations for instances of SQL Relay.</p>

<p>However, a configuration file can, alternatively, be a "link file", containing nothing but links to other configuration files.</p>

<p>For example:</p>

<blockquote>
  <pre># oracle configuration
http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/oracle.conf

# sap/sybase configuration
http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/sap.conf

# db2 configuration
http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/db2.conf
</pre>

</blockquote>
<p>Lines starting with # are considered to be comments and blank lines are ignored, but every other line is interpreted as the location of a local configuration file, local configuration directory, or remote configuration file, as described in the previous sections.</p>

<p>Each of these files or directories are processed in the order that they are specified.</p>

<p>Link files can be used to centralize configuration.  For example, if you have several SQL Relay servers, rather than distributing configuration files across the servers, you could create an identical sqlrelay.conf file on each of them like:</p>

<blockquote>
  <pre>http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/sqlrelay.conf
</pre>

</blockquote>
<p>And then, on configserver.mydomain.com, host an sqlrelay.conf file like:</p>

<blockquote>
  <pre>http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/oracle.conf
http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/sap.conf
http://myuser:mypassword@configserver.mydomain.com/sqlrconfig/db2.conf
</pre>

</blockquote>
<p>The files oracle.conf, sap.conf, and db2.conf could then be hosted by and maintained on that server as well.</p>

<p>The links in these examples are all urls, but they could just as easily be links to local files and directories as well.  It is important to note though, that SQL Relay interprets all local file and directory locations relative to the local machine.  If a remotely hosted link file contains a reference to a local file or directory, then SQL Relay will look for that file on the local machine, not the remote machine.</p>

<p>Similarly, urls are resolved using the DNS configuration of the local machine as well, not the DNS configuration of the remote machine.</p>

<p>The urls in these examples all contain literal users and passwords.  User-password files can also be used as described in the section <a href="#remote">Remote Configuration Files</a>.  However, the user-password file must exist at the specified location on the local machine.</p>

<p>As link files can be protected by file permissions, and the urls stored in them aren't exposed anywhere else, such as in a process listing, user-password files are not generally necessary when using link files.</p>

<p>There is no limit to the depth of links.  A link file can reference another link file which references another, which references another, etc.  Too great a depth could lead to slow startup times though, especially when using remote configration files. This is especially significant when using <a href="#dynamicscaling">Dynamic Scaling</a>, as the configuration must be loaded each time a new connection is spawned.  Care should also be taken to avoid loops.</p>

<hr/>

<br/><a name="advanced"/><h1>Advanced Configuration</h1>

The configuration file supports many more attributes and features than the ones described in this guide including tuning options.  See the <a href="configreference.html">SQL Relay Configuration Reference</a> and <a href="tuning.html">Tuning SQL Relay</a> for more information.
</body>
</html>
